I am trying to add local rate limit filter to front-proxy example. The default token bucket works as expected, but local descriptor's token bucket doesn't.
Here is my route_config changes in front-envoy.yaml:
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "*"
routes:
- match:
prefix: "/service/2"
route:
cluster: service2
- match:
prefix: "/service/1"
route:
cluster: service1
rate_limits:
- actions:
# https://www.envoyproxy.io/docs/envoy/v1.18.2/api-v3/config/route/v3/route_components.proto#envoy-v3-api-msg-config-route-v3-ratelimit-action-requestheaders
- request_headers:
header_name: ":path"
descriptor_key: path
typed_per_filter_config:
envoy.filters.http.local_ratelimit:
"@type": type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
stat_prefix: http_local_rate_limiter
# if there is no matching descriptor entries, the default token bucket is used
token_bucket:
max_tokens: 3
tokens_per_fill: 3
fill_interval: 60s
filter_enabled:
default_value:
numerator: 100
denominator: HUNDRED
filter_enforced:
default_value:
numerator: 100
denominator: HUNDRED
descriptors:
- entries:
- key: path
value: /service/1/foo/bar
token_bucket:
max_tokens: 1
tokens_per_fill: 1
fill_interval: 60s
I send 4 times curl -v localhost:8080/service/1/foo/bar and expect a 429 response on the second request, to match up a local descriptor.
But I got a 429 response only on the 4th attempt: there is no matching descriptor entries, the default token bucket is used.
