Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ratelimit Domain should use Gateway class instead of Listener #3678

Open
nezdolik opened this issue Jun 26, 2024 · 6 comments · May be fixed by #3771
Open

Ratelimit Domain should use Gateway class instead of Listener #3678

nezdolik opened this issue Jun 26, 2024 · 6 comments · May be fixed by #3771
Assignees
@sanposhiho
Labels
help wanted Extra attention is needed kind/bug Something isn't working
Milestone
v1.1.0

Comments

@nezdolik
Copy link
Member

Description:
EG currently uses Listener as domain for Ratelimit service config. It should instead use Gateway class not to override RL config for a case when when multiple Envoy deployments with diff gateway classes use same RL instance.

Repro steps:

Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.

Note: If there are privacy concerns, sanitize the data prior to
sharing.

Environment:

Include the environment like gateway version, envoy version and so on.

Logs:

Include the access logs and the Envoy logs.
@nezdolik
Copy link
Member Author

cc @ryanhristovski

@arkodg
Copy link
Contributor

arkodg commented Jun 26, 2024

@nezdolik i'm curious why this is happening, im trying to better understand the collision
can you share a snippet of the config dump especially the portion of the RateLimit filter section where the domain is specified.

The IR Listener name has the Gateway name and namespace part of it

gateway/internal/gatewayapi/helpers.go

Line 360 in d784c32

return fmt.Sprintf("%s/%s/%s", listener.gateway.Namespace, listener.gateway.Name, listener.Name)

and I dont think 1 Gateway can be mapped to multiple GatewayClass parents, so unsure whats happening here

@arkodg
Copy link
Contributor

arkodg commented Jun 26, 2024

okay found the problem, the ratelimit runner is treating every subscribed message as SoTW

gateway/internal/globalratelimit/runner/runner.go

Line 124 in d784c32

// Translate to ratelimit xDS Config.

but the publisher / gateway-api runner is sending individual messages per gatewayclass

gateway/internal/gatewayapi/runner/runner.go

Line 81 in d784c32

for _, resources := range *val {

@arkodg arkodg added kind/bug Something isn't working help wanted Extra attention is needed and removed triage labels Jun 26, 2024
@arkodg arkodg added this to the v1.1.0-rc1 milestone Jun 26, 2024
@arkodg
Copy link
Contributor

arkodg commented Jun 26, 2024

the ratelimit runner will need to perform some additional accounting similar to what gateway-api runner does

gateway/internal/gatewayapi/runner/runner.go

Line 68 in d784c32

// IR keys for watchable

@arkodg arkodg modified the milestones: v1.1.0-rc1, v1.1.0 Jul 3, 2024
@sanposhiho
Copy link
Contributor

/assign

@sanposhiho sanposhiho linked a pull request Jul 7, 2024 that will close this issue
Open
@sanposhiho
Copy link
Contributor

Opened a patch PR: #3771

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sanposhiho sanposhiho

Labels
help wanted Extra attention is needed kind/bug Something isn't working
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging a pull request may close this issue.

fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR sanposhiho/gateway
3 participants
@arkodg @nezdolik @sanposhiho