how to use retries for local rate limiter envoy requests
I want to set up a retry policy for requests that have been restricted by the local rate limiter. The documentation states that you must add envoy-ratelimited to the retry_on field.
But somehow it doesn't work.I do not see that the statistics on retry in the admin panel increases, and the response time is instantaneous despite the 4 maximum attempts like:
My configuration is
routes:
- match:
prefix: "/app"
route:
host_rewrite_literal: app
prefix_rewrite: "/"
timeout: 15s
cluster: app
retry_policy:
retry_on: envoy-ratelimited
num_retries: 4
typed_per_filter_config:
envoy.filters.http.local_ratelimit:
"@type": type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
stat_prefix: app_ratelimit
token_bucket:
max_tokens: 5
tokens_per_fill: 5
fill_interval: 5s
filter_enabled:
runtime_key: local_rate_limit_enabled
default_value:
numerator: 100
denominator: HUNDRED
filter_enforced:
runtime_key: local_rate_limit_enforced
default_value:
numerator: 100
denominator: HUNDRED
At the moment, no any possible way.
You can only use the two listeners system proposed below:
Retry listener -> rate limit listener -> upstream
You need to configure a local rate limiter on the listener that sends the request to the upstream. Then if request from this listener will be limited by local rate limiter, then retry listener will retry this one (You need retry listener to be configured for 4xx retry_on)
- Failed calling webhook "namespace.sidecar-injector.istio.io"
- What is the difference between Istio VirtualService and Kubernetes Service?
- Invalid mount config for type "bind": bind mount source path does not exist: /home/jenkins/.docker (Istio)
- Terminate istio-proxy after cronjob completion
- Disable Istio sidecar injection to the job pod
- Is it possible to create a Redis Cluster within Kubernetes using a Istio Search Mesh?
- istio v1.11.4 - install via helm chart; how to enable envoy proxy logging?
- install istio on GKE Autopilot 1.27.3-gke.100
- How to configure the ingress gateway in istio?
- Istio Ingress Gateway with TLS termination returning 503 service unavailable
- How to override default chart values in terraform using helm provider?
- Istio virtual service regex uri is not working
- Istio Ingress does not work - only port forwarding works
- How to create prefix matches in Istio VirtualService for substring paths
- upstream connect error or disconnect/reset before headers. reset reason: connection termination when using Spring Boot
- When istio ServiceEntry with resolution "DNS" update istio's routing map?
- Kubernetes ingress controller with Istio
- Will the traffic not intercepted by istio-proxy be logged in istio-proxy?
- Keycloak admin UI with istio RequestAuthentication
- ImagePullBackOff with Istio/X when attempting to create a new Istio Ingress Gateway in 2024
- Istio Authorization Policy for peer authorization
- Simplest way to allow some services to connect to other services with Istio
- x-requext-id header propagation in keycloak
- Too many Redirections on AWS API gateway from frontend app
- Modify AccessLog for custom requests in Istio
- Istio Gateway resource created but not listed in any kubernetes namespace
- Helm with nested lists using range
- Implications of Different Cilium Configurations on Istio Integration in Kubernetes
- Istio VirtualService short name "vs" doesn't work
- Elasticsearch OIDC over HTTP