samples/bookinfo/policy/productpage_envoy_ratelimit.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
   name: filter-ratelimit
   namespace: dubbo-system
 spec:
   workloadSelector:
     # select by label in the same namespace
     labels:
       istio: ingressgateway
   configPatches:
     # The Envoy config you want to modify
     - applyTo: HTTP_FILTER
       match:
         context: GATEWAY
         listener:
           filterChain:
             filter:
               name: "envoy.filters.network.http_connection_manager"
               subFilter:
                 name: "envoy.filters.http.router"
       patch:
         operation: INSERT_BEFORE
         value:
           name: envoy.ratelimit
           typed_config:
             "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
             # domain can be anything! Match it to the ratelimter service config
             domain: productpage-ratelimit
             failure_mode_deny: true
             rate_limit_service:
               grpc_service:
                 envoy_grpc:
                   cluster_name: rate_limit_cluster
             timeout: 10s
     - applyTo: CLUSTER
       match:
         cluster:
           service: ratelimit.default.svc.cluster.local
       patch:
         operation: ADD
         value:
           name: rate_limit_cluster
           type: STRICT_DNS
           connect_timeout: 10s
           lb_policy: ROUND_ROBIN
           http2_protocol_options: {}
           load_assignment:
             cluster_name: rate_limit_cluster
             endpoints:
             - lb_endpoints:
               - endpoint:
                   address:
                     socket_address:
                       address: ratelimit.default.svc.cluster.local
                       port_value: 8081
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
   name: filter-ratelimit-svc
   namespace: dubbo-system
 spec:
   workloadSelector:
     labels:
       istio: ingressgateway
   configPatches:
     - applyTo: VIRTUAL_HOST
       match:
         context: GATEWAY
         routeConfiguration:
           vhost:
             name: ""
             route:
               action: ANY
       patch:
         operation: MERGE
         value:
           rate_limits:
             - actions: # any actions in here
                   # Multiple actions nest the descriptors
                   # - generic_key:
                   # descriptor_value: "test"
               - request_headers:
                   header_name: ":path"
                   descriptor_key: "PATH"
                   # - remote_address: {}
                   # - destination_cluster: {}
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: filter-ratelimit
	namespace: dubbo-system
	spec:
	workloadSelector:
	# select by label in the same namespace
	labels:
	istio: ingressgateway
	configPatches:
	# The Envoy config you want to modify
	- applyTo: HTTP_FILTER
	match:
	context: GATEWAY
	listener:
	filterChain:
	filter:
	name: "envoy.filters.network.http_connection_manager"
	subFilter:
	name: "envoy.filters.http.router"
	patch:
	operation: INSERT_BEFORE
	value:
	name: envoy.ratelimit
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
	# domain can be anything! Match it to the ratelimter service config
	domain: productpage-ratelimit
	failure_mode_deny: true
	rate_limit_service:
	grpc_service:
	envoy_grpc:
	cluster_name: rate_limit_cluster
	timeout: 10s
	- applyTo: CLUSTER
	match:
	cluster:
	service: ratelimit.default.svc.cluster.local
	patch:
	operation: ADD
	value:
	name: rate_limit_cluster
	type: STRICT_DNS
	connect_timeout: 10s
	lb_policy: ROUND_ROBIN
	http2_protocol_options: {}
	load_assignment:
	cluster_name: rate_limit_cluster
	endpoints:
	- lb_endpoints:
	- endpoint:
	address:
	socket_address:
	address: ratelimit.default.svc.cluster.local
	port_value: 8081
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: filter-ratelimit-svc
	namespace: dubbo-system
	spec:
	workloadSelector:
	labels:
	istio: ingressgateway
	configPatches:
	- applyTo: VIRTUAL_HOST
	match:
	context: GATEWAY
	routeConfiguration:
	vhost:
	name: ""
	route:
	action: ANY
	patch:
	operation: MERGE
	value:
	rate_limits:
	- actions: # any actions in here
	# Multiple actions nest the descriptors
	# - generic_key:
	# descriptor_value: "test"
	- request_headers:
	header_name: ":path"
	descriptor_key: "PATH"
	# - remote_address: {}
	# - destination_cluster: {}