Ratelimit
Package: ratelimit.options.gloo.solo.io
Types:
- IngressRateLimit
- Settings
- GrpcService
- ServiceSettings
- RateLimitConfigRefs
- RateLimitConfigRef
- RateLimitVhostExtension
- RateLimitRouteExtension
Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/ratelimit/ratelimit.proto
IngressRateLimit
Basic rate-limiting API
"authorizedLimits": .ratelimit.api.solo.io.RateLimit
"anonymousLimits": .ratelimit.api.solo.io.RateLimit
Field | Type | Description |
---|---|---|
authorizedLimits |
.ratelimit.api.solo.io.RateLimit | |
anonymousLimits |
.ratelimit.api.solo.io.RateLimit |
Settings
"ratelimitServerRef": .core.solo.io.ResourceRef
"requestTimeout": .google.protobuf.Duration
"denyOnFail": bool
"enableXRatelimitHeaders": bool
"rateLimitBeforeAuth": bool
"grpcService": .ratelimit.options.gloo.solo.io.GrpcService
Field | Type | Description |
---|---|---|
ratelimitServerRef |
.core.solo.io.ResourceRef | |
requestTimeout |
.google.protobuf.Duration | |
denyOnFail |
bool |
|
enableXRatelimitHeaders |
bool |
Set this to true to return Envoy’s X-RateLimit headers to the downstream. reference docs here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ratelimit/v3/rate_limit.proto.html#envoy-v3-api-field-extensions-filters-http-ratelimit-v3-ratelimit-enable-x-ratelimit-headers. |
rateLimitBeforeAuth |
bool |
Set this is set to true if you would like to rate limit traffic before applying external auth to it. Note: When this is true, you will lose some features like being able to rate limit a request based on its auth state. |
grpcService |
.ratelimit.options.gloo.solo.io.GrpcService | Optional gRPC settings used when calling the ratelimit server. |
GrpcService
"authority": string
Field | Type | Description |
---|---|---|
authority |
string |
Set the authority header when calling the gRPC service. |
ServiceSettings
API based on Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Sample configuration below:
descriptors:
- key: account_id descriptors:
- key: plan value: BASIC rateLimit: requestsPerUnit: 1 unit: MINUTE
- key: plan value: PLUS rateLimit: requestsPerUnit: 20 unit: MINUTE
"descriptors": []ratelimit.api.solo.io.Descriptor
"setDescriptors": []ratelimit.api.solo.io.SetDescriptor
Field | Type | Description |
---|---|---|
descriptors |
[]ratelimit.api.solo.io.Descriptor | |
setDescriptors |
[]ratelimit.api.solo.io.SetDescriptor |
RateLimitConfigRefs
A list of references to RateLimitConfig
resources.
Each resource represents a rate limit policy that will be independently enforced.
"refs": []ratelimit.options.gloo.solo.io.RateLimitConfigRef
Field | Type | Description |
---|---|---|
refs |
[]ratelimit.options.gloo.solo.io.RateLimitConfigRef |
RateLimitConfigRef
A reference to a RateLimitConfig
resource.
"name": string
"namespace": string
Field | Type | Description |
---|---|---|
name |
string |
|
namespace |
string |
RateLimitVhostExtension
Use this field if you want to inline the Envoy rate limits for this VirtualHost.
Note that this does not configure the rate limit server. If you are running Gloo Enterprise, you need to
specify the server configuration via the appropriate field in the Gloo Settings
resource. If you are
running a custom rate limit server you need to configure it yourself.
"rateLimits": []ratelimit.api.solo.io.RateLimitActions
"localRatelimit": .local_ratelimit.options.gloo.solo.io.TokenBucket
Field | Type | Description |
---|---|---|
rateLimits |
[]ratelimit.api.solo.io.RateLimitActions | Define individual rate limits here. Each rate limit will be evaluated, if any rate limit would be throttled, the entire request returns a 429 (gets throttled). |
localRatelimit |
.local_ratelimit.options.gloo.solo.io.TokenBucket | The token bucket configuration to use for local rate limiting requests. These options provide the ability to locally rate limit the connections in envoy. Each request processed by the filter consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status. This overrides any local rate limit configured on the gateway and requests to this vHost do not count against requests to the gateway’s http local rate limit. All routes that are part of this vHost will share this rate limit unless explicity configured with another limit. |
RateLimitRouteExtension
Use this field if you want to inline the Envoy rate limits for this Route.
Note that this does not configure the rate limit server. If you are running Gloo Enterprise, you need to
specify the server configuration via the appropriate field in the Gloo Settings
resource. If you are
running a custom rate limit server you need to configure it yourself.
"includeVhRateLimits": bool
"rateLimits": []ratelimit.api.solo.io.RateLimitActions
"localRatelimit": .local_ratelimit.options.gloo.solo.io.TokenBucket
Field | Type | Description |
---|---|---|
includeVhRateLimits |
bool |
Whether or not to include rate limits as defined on the VirtualHost in addition to rate limits on the Route. |
rateLimits |
[]ratelimit.api.solo.io.RateLimitActions | Define individual rate limits here. Each rate limit will be evaluated, if any rate limit would be throttled, the entire request returns a 429 (gets throttled). |
localRatelimit |
.local_ratelimit.options.gloo.solo.io.TokenBucket | The token bucket configuration to use for local rate limiting requests. These options provide the ability to locally rate limit the connections in envoy. Each request processed by the filter consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status. This overrides any local rate limit configured on the vHost or gateway and requests to this route do not count against requests to the vHost or gateway’s http local rate limit. |