Rate limiting can be added to Workloads by configuring an endpoint which serves the Envoy Rate Limit project. This endpoint receives a rate limit request from a configured Workload and decides if the request should be limited.
Follow the steps below to configure your Workload with a rate limiting policy.
Envoy's Rate Limit project is deployed as a Workload at Control Plane and requires a local Redis Workload.
Follow the steps below to download and apply a YAML manifiest file which will deploy, create, and configure:
envoyproxy/ratelimit deployment can be obtained here.
The downloaded YAML manifest file uses the image
envoyproxy/ratelimit:5b6e65da. If there is a newer tag, it can be substituted in
the YAML file before executing the
cpln apply command.
The rate limit config file is stored as an opaque secret
ratelimit-config that was created when applying the YAML manifest file.
The configuration that was deployed with the manifest file sets a limit of 10 requests per minute for any
request that contains an
authorization header (see sample config below).
To adjust the rate limit per your requirments, use the UI or CLI to edit the
ratelimit-config secret using the pattern
copydomain: cplndescriptors:- key: authorizationrate_limit:unit: minuterequests_per_unit: 10
NOTE: After saving the updated secret, it's recommended to perform a
Force Redeploy of the
ratelimit Workload to reload the
Global Endpoint of the Rate Limiting Workload that was configured in step one. This endpoint
can be obtained by browsing to the
Info page of the
ratelimit Workload. Do not include the
After saving these tags and the Workload has deployed successfuly, the rate limits defined within the config file will be enforced. If a client hits the limit, an HTTP 429 (Too Many Requests) response will be returned.