diff --git a/devops/azure/chart/helm-config.yaml b/devops/azure/chart/helm-config.yaml index 2207549937fc3f60f5da4014824056b90048e880..d31515717eb72ff7d39e9a6cd8f3c4fe603a685c 100644 --- a/devops/azure/chart/helm-config.yaml +++ b/devops/azure/chart/helm-config.yaml @@ -27,3 +27,13 @@ featureFlag: - demo hpa: enabledEnvs: [] + +################################################################################ +# Specify the Rate limit Settings +# +envoyFilter: + enabled: false + rateLimit: + max_tokens: 100 + tokens_per_fill: 100 + fill_interval: 60 \ No newline at end of file diff --git a/devops/azure/chart/templates/ratelimit.yaml b/devops/azure/chart/templates/ratelimit.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e8a9f05e40e7e2765c2ae8f1cdeba72212b2305b --- /dev/null +++ b/devops/azure/chart/templates/ratelimit.yaml @@ -0,0 +1,61 @@ +# Copyright © Microsoft Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if .Values.envoyFilter.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: {{ .Release.Name }}-ratelimit + namespace: osdu +spec: + workloadSelector: + labels: + app: {{ .Release.Name }} + configPatches: + - applyTo: HTTP_FILTER + match: + context: SIDECAR_INBOUND # will match outbound listeners in all sidecars + listener: + filterChain: + filter: + name: envoy.http_connection_manager + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.local_ratelimit + typed_config: + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit + value: + stat_prefix: http_local_rate_limiter + token_bucket: + max_tokens: {{ .Values.envoyFilter.rateLimit.max_tokens }} #The maximum tokens that the bucket can hold. + tokens_per_fill: {{ .Values.envoyFilter.rateLimit.tokens_per_fill }} #The number of tokens added to the bucket during each fill interval. + fill_interval: {{ .Values.envoyFilter.rateLimit.fill_interval }} #The fill interval that tokens are added to the bucket in seconds. + filter_enabled: + runtime_key: local_rate_limit_enabled + default_value: + numerator: 100 + denominator: HUNDRED + filter_enforced: + runtime_key: local_rate_limit_enforced + default_value: + numerator: 100 + denominator: HUNDRED + response_headers_to_add: + - append: true + header: + key: x-local-rate-limit + value: 'true' +{{ end }} \ No newline at end of file diff --git a/devops/azure/chart/values.yaml b/devops/azure/chart/values.yaml index ccbb930fa2fa7ecef233750fd7186ce42b1fedaa..3dcf6b9409053aaaf35f3eb93916bbceb8917a9b 100644 --- a/devops/azure/chart/values.yaml +++ b/devops/azure/chart/values.yaml @@ -34,3 +34,13 @@ featureFlag: - demo hpa: enabledEnvs: [] + +################################################################################ +# Specify the Rate limit Settings +# +envoyFilter: + enabled: false + rateLimit: + max_tokens: 100 + tokens_per_fill: 100 + fill_interval: 60 \ No newline at end of file