[POC] local/global rate limiting #774
Assignees
Labels
area/api-gateway
Issues or PRs related to api-gateway
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
strekm
added
kind/feature
Merged
|
PoC documentation can be found in rate-limit-poc branch. The documentation consist of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In scope of this POC is documentation of examples on how to configure Istio EnvoyFilters to configure rate limit. Documented examples later on will be used to design API of new CRD. CRD will be part of Istio module. It should be possible to limit workload access by:
Have in mind that rate limiting should be possible on more than 1 condition. Take into consideration that workload can be exposed and secured with API Gateway APIRule CR or directly using Istio resources. Workload might be secured with external authorizer.
Focus of this POC is local rate limiting but have in mind that in the future global rate limiting also should be possible.
Update on 30.04.
After initial tests for local rate limiting, we realised that capabilities of local rate limiting are very limited. Local rate limiting is limited to very static descriptors, which makes it impossible to support use cases such as rate limiting based on client IP in a good way. As we have not yet spent much time on this task, it was decided to also look at global rate limiting and compare global and local rate limiting.
ACs:
DoD:
- [ ] Provide unit and integration tests.- [ ] If you changed the resource limits, explain why it was needed.- [ ] If the default configuration of Istio Operator has been changed, you performed a manual upgrade test to verify that the change can be rolled out correctly.- [ ] Verify that your contributions don't decrease code coverage. If they do, explain why this is the case.- [ ] Add release notes.Attachments
part of: kyma-project/api-gateway#1365
The text was updated successfully, but these errors were encountered: