ratelimit.proto

Package: ratelimit.options.gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/ratelimit/ratelimit.proto

IngressRateLimit

Basic rate-limiting API

"authorizedLimits": .ratelimit.api.solo.io.RateLimit
"anonymousLimits": .ratelimit.api.solo.io.RateLimit

Field Type Description
authorizedLimits .ratelimit.api.solo.io.RateLimit
anonymousLimits .ratelimit.api.solo.io.RateLimit

Settings

"ratelimitServerRef": .core.solo.io.ResourceRef
"requestTimeout": .google.protobuf.Duration
"denyOnFail": bool
"enableXRatelimitHeaders": bool
"rateLimitBeforeAuth": bool
"grpcService": .ratelimit.options.gloo.solo.io.GrpcService

Field Type Description
ratelimitServerRef .core.solo.io.ResourceRef
requestTimeout .google.protobuf.Duration
denyOnFail bool
enableXRatelimitHeaders bool Set this to true to return Envoy’s X-RateLimit headers to the downstream. reference docs here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ratelimit/v3/rate_limit.proto.html#envoy-v3-api-field-extensions-filters-http-ratelimit-v3-ratelimit-enable-x-ratelimit-headers.
rateLimitBeforeAuth bool Set this is set to true if you would like to rate limit traffic before applying external auth to it. Note: When this is true, you will lose some features like being able to rate limit a request based on its auth state.
grpcService .ratelimit.options.gloo.solo.io.GrpcService Optional gRPC settings used when calling the ratelimit server.

GrpcService

"authority": string

Field Type Description
authority string Set the authority header when calling the gRPC service.

ServiceSettings

API based on Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Sample configuration below:

descriptors:

"descriptors": []ratelimit.api.solo.io.Descriptor
"setDescriptors": []ratelimit.api.solo.io.SetDescriptor

Field Type Description
descriptors []ratelimit.api.solo.io.Descriptor
setDescriptors []ratelimit.api.solo.io.SetDescriptor

RateLimitConfigRefs

A list of references to RateLimitConfig resources. Each resource represents a rate limit policy that will be independently enforced.

"refs": []ratelimit.options.gloo.solo.io.RateLimitConfigRef

Field Type Description
refs []ratelimit.options.gloo.solo.io.RateLimitConfigRef

RateLimitConfigRef

A reference to a RateLimitConfig resource.

"name": string
"namespace": string

Field Type Description
name string
namespace string

RateLimitVhostExtension

Use this field if you want to inline the Envoy rate limits for this VirtualHost. Note that this does not configure the rate limit server. If you are running Gloo Enterprise, you need to specify the server configuration via the appropriate field in the Gloo Settings resource. If you are running a custom rate limit server you need to configure it yourself.

"rateLimits": []ratelimit.api.solo.io.RateLimitActions
"localRatelimit": .local_ratelimit.options.gloo.solo.io.TokenBucket

Field Type Description
rateLimits []ratelimit.api.solo.io.RateLimitActions Define individual rate limits here. Each rate limit will be evaluated, if any rate limit would be throttled, the entire request returns a 429 (gets throttled).
localRatelimit .local_ratelimit.options.gloo.solo.io.TokenBucket The token bucket configuration to use for local rate limiting requests. These options provide the ability to locally rate limit the connections in envoy. Each request processed by the filter consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status. This overrides any local rate limit configured on the gateway and requests to this vHost do not count against requests to the gateway’s http local rate limit. All routes that are part of this vHost will share this rate limit unless explicity configured with another limit.

RateLimitRouteExtension

Use this field if you want to inline the Envoy rate limits for this Route. Note that this does not configure the rate limit server. If you are running Gloo Enterprise, you need to specify the server configuration via the appropriate field in the Gloo Settings resource. If you are running a custom rate limit server you need to configure it yourself.

"includeVhRateLimits": bool
"rateLimits": []ratelimit.api.solo.io.RateLimitActions
"localRatelimit": .local_ratelimit.options.gloo.solo.io.TokenBucket

Field Type Description
includeVhRateLimits bool Whether or not to include rate limits as defined on the VirtualHost in addition to rate limits on the Route.
rateLimits []ratelimit.api.solo.io.RateLimitActions Define individual rate limits here. Each rate limit will be evaluated, if any rate limit would be throttled, the entire request returns a 429 (gets throttled).
localRatelimit .local_ratelimit.options.gloo.solo.io.TokenBucket The token bucket configuration to use for local rate limiting requests. These options provide the ability to locally rate limit the connections in envoy. Each request processed by the filter consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status. This overrides any local rate limit configured on the vHost or gateway and requests to this route do not count against requests to the vHost or gateway’s http local rate limit.