Rate Limit Configuration: Compose actions#458
Conversation
|
@lyft/network-team |
| Order matters as the actions are processed sequentially and the descriptors will be composed in | ||
| that sequence. | ||
| Order matters as the actions are processed sequentially and the descriptor will be composed by | ||
| appending decriptor entries in that sequence. |
There was a problem hiding this comment.
at this point I think it would be useful to provide a small example in the docs (kind of like we do for traffic shifting).
There was a problem hiding this comment.
Good idea. I will add a section about Composing actions.
|
|
||
| The following descriptor entry is appended to the descriptor: | ||
|
|
||
| * ("to_cluster", "<:ref:`route target cluster <config_http_conn_man_route_table_route_cluster>`>") |
There was a problem hiding this comment.
I would be more verbose here in that it will be the routed cluster, which could be do to "cluster", "weighted_clusters", "cluster_header" etc.
|
|
||
| If *route_key* is set in the rate limit configuration, the following | ||
| descriptor is sent as well: | ||
| Route Key |
There was a problem hiding this comment.
I think we should rename this at this point. You have made this fully generic (nice), so it's possible to compose multiple generic strings now. I would call it something like "generic_string" etc. (you can think of a good name).
There was a problem hiding this comment.
Changed it to Rate Limit Key that will have a descriptor key of rate_limit_key
| for (const Router::RateLimitPolicyEntry& rate_limit : | ||
| rate_limit_policy.getApplicableRateLimit(config_->stage())) { | ||
| const std::string& route_key = rate_limit.routeKey(); | ||
| const std::string& route_key = rate_limit.killSwitchKey(); |
| @@ -25,14 +24,10 @@ stage | |||
| kill_switch_key | |||
| *(optional, string)* The key to be set in runtime to disable this rate limit configuration. | |||
There was a problem hiding this comment.
This might not pertain to this PR, by anyway.
the term "kill switch" seems to imply some mechanism to shutoff a system completely before it damages something. My first impression upon reading this is, something like fencing the service instance completely.
However, what you mean here is to kill off the system that limits the flow of requests and let requests flow unhindered. [I hope you see where I am going with this. The term and implication dont align well]. If at all possible, can this field be renamed to "disable_flag" or something?
There was a problem hiding this comment.
the name change sounds reasonable to me
There was a problem hiding this comment.
Updated it to disable_key
| header_name | ||
| *(required, string)* The header name to be queried from the request headers and used to | ||
| populate the descriptor value for the *descriptor_key*. | ||
| populate the descriptor entry value for the *descriptor_key*. |
There was a problem hiding this comment.
The header name to be queried from the request headers. The header's value is used to populate the value of the descriptor entry for the descriptor_key.
| *(required, string)* The type of rate limit action to perform. The currently supported action | ||
| types are *service_to_service* , *request_headers* and *remote_address*. | ||
| types are *source_cluster*, *destination_cluster* , *request_headers*, *remote_address* and | ||
| *route_key*. |
There was a problem hiding this comment.
changed it to generic_key
|
|
||
| * ("to_cluster", "<routed cluster>") | ||
|
|
||
| The routed cluster is chosen based on the :ref:`route table |
There was a problem hiding this comment.
This text is unclear. It should mention matching, and depending on the matched route, the value of cluster, weighted_clusters, etc.
|
|
||
| { | ||
| "type": "rate_limit_key", | ||
| "rate_limit_value" : "..." |
There was a problem hiding this comment.
I would rename this "value", "rate_limit_" is redundant
There was a problem hiding this comment.
changed it to descriptor_value to be consistent with other actions that set a descriptor key/value.
| create more complex rate limit descriptors, actions can be composed in any order. The descriptor | ||
| will be populated in the order the actions are specified in the configuration. | ||
|
|
||
| For example, if you wanted the following descriptor: |
| .. code-block:: json | ||
|
|
||
| { | ||
| "type": "rate_limit_key", |
There was a problem hiding this comment.
I think I would just rename this "key" or "generic_key"
To me "rate_limit_ is also redundant here and somewhat verbose.
There was a problem hiding this comment.
Renamed to generic_key
| } | ||
|
|
||
| The following descriptor is sent using the trusted address from :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`: | ||
| The following descriptor entry is zappended to the descriptor and is populated using the trusted |
There was a problem hiding this comment.
to save the day! (Fixed)
mattklein123
left a comment
There was a problem hiding this comment.
looks good after typo fix
* changed additional header name * use lowercase for header name
**Commit Message** The CLI's standalone mode needs to use Envoy Gateway's latest patch [1] that allows us to use it inside our CLI. This upgrades the EG dependency version to the latest. It is not compatible with the latest cel-go, so this also pins it to 0.22 until the upstream k8s.io/apiserver dependency [2] issue is resolved. This commit is separated from the standalone implementation commit as the upgrade results in a CRD generation which is not relevant to the change. 1: envoyproxy/gateway#5407 2: https://github.com/kubernetes/apiserver/issues/116 **Related Issues/PRs (if applicable)** This is a preparation for #458 Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
**Commit Message** This makes changes to Main function of the extproc so that it will accept context as well as args, etc to allow the callsite to fine tune the behavior of extproc. **Related Issues/PRs (if applicable)** Extracted from #458 Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
**Commit Message** This changes the translator so that it will retain the non-AI Gateay original resources and write them back into the output. This also fixes the AI Gateway Route controller so that it can support the anonymous resources that will be necessary in the translator as the EG standalone mode requires the anonymous resources. **Related Issues/PRs (if applicable)** Extracted from #458 --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
**Commit Message** This implements the `aigw run` command that runs the AI Gateway locally. This utilizes the Envoy Gateway's standalone mode [1]. With this command, users are now able to use the AI Gateway, without Docker or Kubernetes. The follow up PRs to further modify the default configuration to add more de-facto services such as ollama, and will add the command to show the default configuration. 1: https://gateway.envoyproxy.io/docs/tasks/operations/standalone-deployment-mode/ **Related Issues/PRs (if applicable)** Contributes to #412 Follow up on #498 --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
-Actions now append a descriptor entry to a descriptor
-Actions are now composed in the ordered specified in the rate limit configuration.
-Route Key has been deprecated and moved to action type Rate Limit Key.
-Kill Switch Key is now Disable Key and is used in the rate limit http filter to disable a rate limit configuration.
-Service_to_service action is broken into two action types:
source_clusteranddestination_cluster