MeshRateLimit (beta)

    This policy enables per-instance service request limiting. Policy supports ratelimiting of HTTP/HTTP2 requests and TCP connections.

    The MeshRateLimit policy leverages Envoy’s local rate limiting for HTTP/HTTP2 and for TCP connections.

    You can configure:

    • how many HTTP requests are allowed in a specified time period
    • how the HTTP service responds when the limit is reached

    Rate limiting supports an ExternalService only when ZoneEgress is enabled.

    To learn more about the information in this table, see the matching docs.

    The MeshRateLimit policy supports both L4/TCP and L7/HTTP limiting. Envoy implements Token Bucket algorithm for rate limiting.

    • disabled - (optional) - should rate limiting policy be disabled
    • requestRate - configuration of the number of requests in the specific time window
      • num - the number of requests to limit
      • interval - the interval for which requests will be limited
    • (optional) - actions to take on RateLimit event
      • status (optional) - the status code to return, defaults to 429
      • headers - (optional) headers which should be added to every rate limited response

    Headers

    • set - (optional) - list of headers to set. Overrides value if the header exists.
      • name - header’s name
      • value - header’s value
    • - (optional) - should rate limiting policy be disabled
    • connectionRate - configuration of the number of connections in the specific time window
      • num - the number of requests to limit
      • interval - the interval for which connections will be limited

    We will apply the configuration with kubectl apply -f [..].

    We will apply the configuration with kumactl apply -f [..] or via the .

    We will apply the configuration with kubectl apply -f [..].