Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Global Rate Limiting with BackendTrafficPolicy #5265

Open
ryanhristovski opened this issue Feb 12, 2025 · 0 comments
Open

Support Global Rate Limiting with BackendTrafficPolicy #5265

ryanhristovski opened this issue Feb 12, 2025 · 0 comments
Assignees
@ryanhristovski
Labels
area/api API-related issues
Milestone
v1.4.0-rc.1

Comments

@ryanhristovski
Copy link
Contributor

Description:

In certain cases, users need to apply multiple ordered rate limit rules to traffic flowing through Envoy Gateway. A common example is:

  1. A global rate limit rule applied per IP at the Gateway level.
  2. A more specific rate limit rule applied per IP per backend service at the Route level.

Currently, the behaviour for merging multiple BackendTrafficPolicies (BTPs) isn’t fully defined (see this issue for more context: #1934), and that ticket will be required before full functionality of shared rate limits. The ability to apply multiple BTPs in an ordered manner would provide finer control over rate-limiting behaviour.

Updated this issue from: #5194

Example of a global ratelimit applied at the gateway level:

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: global-ip-rule
spec:
  policyTargetReferences:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: my-gateway
  rateLimit:
    type: Global
    global:
      shared: true  # Applies across all routes
      rules:
      - clientSelectors:
        - sourceCIDR:
            type: "Distinct"
            value: "0.0.0.0/0"
        limit:
          requests: 10
          unit: Minute

example of a route-level rate limit at the httproute level:

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: per-service-per-ip-rule
spec:
  policyTargetReferences:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: my-service-route
  rateLimit:
    type: Global
    global:
      shared: false # The default value for shared
      rules:
      - clientSelectors:
        - sourceCIDR:
            type: "Distinct"
            value: "0.0.0.0/0"
        limit:
          requests: 5
          unit: Minute

API PR: #5227
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ryanhristovski ryanhristovski

Labels
area/api API-related issues
Projects
None yet
Milestone
v1.4.0-rc.1
Development

No branches or pull requests
2 participants
@arkodg @ryanhristovski