Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

global rate limiting: allow configuring enable_x_ratelimit_headers #3431

Closed
xaleeks opened this issue Mar 2, 2021 · 8 comments · Fixed by #3457
Closed

global rate limiting: allow configuring enable_x_ratelimit_headers #3431

xaleeks opened this issue Mar 2, 2021 · 8 comments · Fixed by #3457
Assignees
@skriss
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.
Milestone
1.14.0

Comments

@xaleeks
Copy link

xaleeks commented Mar 2, 2021

Just checking, can our rate limiting feature querying capabilities like checking number of requests left and the time period in effect for current rate limits until they are reset.

Seems Envoy provide some of these APIs in v3

(extensions.filters.http.ratelimit.v3.RateLimit.XRateLimitHeadersRFCVersion) Defines the standard version to use for X-RateLimit headers emitted by the filter:

X-RateLimit-Limit - indicates the request-quota associated to the client in the current time-window followed by the description of the quota policy. The values are returned by the rate limiting service in current_limit field. Example: 10, 10;w=1;name=”per-ip”, 1000;w=3600.
X-RateLimit-Remaining - indicates the remaining requests in the current time-window. The values are returned by the rate limiting service in limit_remaining field.
X-RateLimit-Reset - indicates the number of seconds until reset of the current time-window. The values are returned by the rate limiting service in duration_until_reset field.
@xaleeks xaleeks added kind/feature Categorizes issue or PR as related to a new feature. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Mar 2, 2021
@skriss
Copy link
Member

skriss commented Mar 2, 2021
edited

We don't enable these headers right now or expose a knob to turn them on, would be easy to add though, looks like just another boolean field to set in the filter config.

@skriss
Copy link
Member

skriss commented Mar 3, 2021

Should I consider this issue a request to add support for those?

@xaleeks
Copy link
Author

xaleeks commented Mar 3, 2021

yup, if it's not enabled then please consider this a feature request. If there are no objections to adding this, any chance we can get this in 1.14?

@skriss skriss changed the title rate limiting queries global rate limiting: allow configuring enable_x_ratelimit_headers Mar 3, 2021
@skriss skriss added this to the 1.14.0 milestone Mar 3, 2021
@skriss
Copy link
Member

skriss commented Mar 3, 2021

yup, if it's not enabled then please consider this a feature request. If there are no objections to adding this, any chance we can get this in 1.14?

Yep shouldn't be a big deal. Do you have thoughts on if these should be enabled by default?

@youngnick
Copy link
Member

I propose we add them as available but defaulted off, and see if users would like us to change that.

@skriss
Copy link
Member

skriss commented Mar 4, 2021

I propose we add them as available but defaulted off, and see if users would like us to change that.

Yep makes sense to me - @xaleeks sound good?

@skriss skriss mentioned this issue Mar 4, 2021
Merged
@skriss
Copy link
Member

skriss commented Mar 5, 2021

So it looks like Envoy intends to be able to support multiple versions of the RFC draft, if there are more versions in the future (currently only draft 3 is supported: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ratelimit/v3/rate_limit.proto#enum-extensions-filters-http-ratelimit-v3-ratelimit-xratelimitheadersrfcversion).

WDYT about simplifying this for Contour, and just making it a binary disabled (default) or enabled setting? If enabled, we'll program Envoy to use the latest RFC draft version.

While I can see the value of what Envoy's doing, I don't know that we need to expose that complexity to the Contour user.

If, in the future, we saw a need to support multiple versions, we could replace the boolean config field with a new enum one. We'd just have to go through a deprecation cycle for the config setting.

skriss added a commit to skriss/contour that referenced this issue Mar 8, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting
5f0df9f 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes projectcontour#3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
@skriss skriss mentioned this issue Mar 8, 2021
Merged
skriss added a commit to skriss/contour that referenced this issue Mar 8, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting
9043514 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes projectcontour#3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
@youngnick
Copy link
Member

That's a great plan @skriss. I'll check out the PR today.

skriss added a commit to skriss/contour that referenced this issue Mar 15, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting
93244c5 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes projectcontour#3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit to skriss/contour that referenced this issue Mar 15, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting
8b01274 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes projectcontour#3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit to skriss/contour that referenced this issue Mar 16, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting
f852d5c 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes projectcontour#3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit that referenced this issue Mar 16, 2021
@skriss
cmd/contour: add EnableXRateLimitHeaders config file setting (#3457)
723081e 
Adds the EnableXRateLimitHeaders field to the config file's
RateLimitService block. When set to true, adds the X-RateLimit
headers to responses that required checking the RLS.

Closes #3431.

Signed-off-by: Steve Kriss <krisss@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skriss skriss

Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.
Projects
None yet
Milestone
1.14.0
Development

Successfully merging a pull request may close this issue.

cmd/contour: add EnableXRateLimitHeaders config file setting skriss/contour
3 participants
@skriss @youngnick @xaleeks