Setup Global Rate Limiting with Istio/Redis
Goal
Currently we have rate-limiting set at the Traefik level, however in order to achieve global rate limiting we can use Istio and Redis. This entails integrating with Envoy's reference ratelimit service and applying Envoy's native rate limit actions with an EnvoyFilter resource.
https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/
What needs to be done
- Deploy Envoy's reference
ratelimitservice - Create an Envoy rate limit rule in a ConfigMap
- Apply an
EnvoyFilterto the Traefik pods making use of the rule.
QA
We can test by sending multiple requests an succession to exceed the rate limit, which would then block further requests.
UX/Design
N/A
Personas
N/A
Experiments
N/A
Acceptance Criteria
-
Global rate limiting is in place -
New redis cluster -
Test is added ensuring rate limiting is functioning
Definition of Ready Checklist
-
Definition Of Done (DoD) -
Acceptance criteria -
Weighted -
QA -
UX/Design -
Personas -
Experiments
Setup
Edited by Mark Harding