| apiVersion: networking.istio.io/v1alpha3 |
| kind: EnvoyFilter |
| metadata: |
| name: filter-local-ratelimit-svc-sa |
| namespace: dubbo-system |
| spec: |
| workloadSelector: |
| labels: |
| app: srv |
| configPatches: |
| - applyTo: HTTP_FILTER |
| match: |
| context: SIDECAR_INBOUND |
| patch: |
| operation: INSERT_BEFORE |
| value: |
| name: envoy.filters.http.local_ratelimit |
| typed_config: |
| "@type": type.googleapis.com/udpa.type.v1.TypedStruct |
| type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit |
| value: |
| stat_prefix: http_local_rate_limiter |
| token_bucket: |
| max_tokens: 1000 |
| tokens_per_fill: 1000 |
| fill_interval: 1s |
| filter_enabled: |
| runtime_key: local_rate_limit_enabled |
| default_value: |
| numerator: 100 |
| denominator: HUNDRED |
| filter_enforced: |
| runtime_key: local_rate_limit_enforced |
| default_value: |
| numerator: 100 |
| denominator: HUNDRED |
| response_headers_to_add: |
| - append: false |
| header: |
| key: x-local-rate-limit |
| value: 'true' |
| descriptors: |
| - entries: |
| - key: client_id |
| value: "spiffe://cluster.local/ns/{{ .EchoNamespace }}/sa/clt" |
| token_bucket: |
| max_tokens: 1 |
| tokens_per_fill: 1 |
| fill_interval: 600s |
| - applyTo: HTTP_ROUTE |
| match: |
| context: SIDECAR_INBOUND |
| routeConfiguration: |
| vhost: |
| name: "inbound|http|80" |
| patch: |
| operation: MERGE |
| value: |
| route: |
| rate_limits: |
| - actions: |
| - extension: |
| name: custom |
| typed_config: |
| "@type": type.googleapis.com/udpa.type.v1.TypedStruct |
| type_url: type.googleapis.com/envoy.extensions.rate_limit_descriptors.expr.v3.Descriptor |
| value: |
| descriptor_key: client_id |
| text: connection.uri_san_peer_certificate |
