-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ads: support envoy filter local ratelimit. #859
base: main
Are you sure you want to change the base?
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
5964c91
to
1c8d1bb
Compare
80747b0
to
17aa8b8
Compare
17aa8b8
to
e064980
Compare
Codecov ReportAttention: Patch coverage is
... and 24 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
b7ffc97
to
d12d047
Compare
api/filter/ratelimit.proto
Outdated
} | ||
*/ | ||
message LocalRateLimit { | ||
reserved 1 to 2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why reserve?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reserve for
{
"stat_prefix": ...,
"status": {...},
}
should i start token_bucket with number 1, or keep the number tag ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can start from 1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
api/filter/ratelimit.proto
Outdated
"enable_x_ratelimit_headers": ..., | ||
"vh_rate_limits": ..., | ||
"always_consume_default_token_bucket": {...}, | ||
"rate_limited_as_resource_exhausted": ... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if other fields not supported, please remove them. Add once we support it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just remove the comments? i copy the definition from envoy api.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First we need a proposal to better understand this implement
}; | ||
|
||
struct ratelimit_value { | ||
__u64 last_topup; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add a comment about what is this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
hi i have created a proposal pr in #873 |
917ece0
to
007baba
Compare
@hzxuzhonghu hi, ratelimit use the same way to cut tcp connection as circuit breaker, it can be merged after #570. |
cdf2d67
to
8b988d1
Compare
__type(value, struct ratelimit_value); | ||
__uint(max_entries, 1000); | ||
__uint(map_flags, BPF_F_NO_PREALLOC); | ||
} ratelimit_map SEC(".maps"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please keep consistent with other map name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
8b988d1
to
6d4e280
Compare
bpf/kmesh/ads/include/filter.h
Outdated
@@ -181,6 +182,10 @@ int filter_chain_manager(ctx_buff_t *ctx) | |||
if (filter_chain == NULL) { | |||
return KMESH_TAIL_CALL_RET(-1); | |||
} | |||
|
|||
/* ratelimit check */ | |||
Local_rate_limit__check_and_take(filter_chain, &addr, ctx); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is ratelimit on filterchain, where did you support rate limit on listener
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the ratelimit takes on filterchain, maybe i express it incorrect. The EnvoyFilter YAML object applies to the filter chain, and the rate limit configuration is defined inside the filter. A listener includes multiple filter chains. In eBPF, the listener_manager tail calls the filter_chain_manager.
6d4e280
to
854c4f6
Compare
854c4f6
to
89445c8
Compare
@@ -0,0 +1,56 @@ | |||
package extensions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add copyright
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
const LocalRateLimit = "envoy.filters.tcp.local_ratelimit" | ||
|
||
// NewLocalRateLimit constructs a new LocalRateLimit filter wrapper. | ||
func NewLocalRateLimit(filter *listenerv3.Filter) (*listener.Filter_LocalRateLimit, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any UT or E2E test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hi, i added ut tests.
89445c8
to
4a57a25
Compare
Signed-off-by: yuan <[email protected]>
4a57a25
to
33591ee
Compare
lgtm, and your test report(google doc) can be pasted here to show your test results @yuanqijing |
What type of PR is this?
support local rate limit.
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: