MeshRateLimit Sample POC:
$ cat mesh-a-rate-limit.yaml
apiVersion: kuma.io/v1alpha1
kind: MeshRateLimit
metadata:
name: mesh-a-rate-limit
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
targetRef:
kind: MeshSubset
proxyTypes:
- Sidecar
tags:
k8s.kuma.io/namespace: mesh-a
from:
- targetRef:
kind: Mesh
default:
local:
http:
requestRate:
num: 1
interval: 5s
onRateLimit:
status: 423
headers:
set:
- name: x-kuma-rate-limited
value: 'true'
$ k apply -f mesh-a-rate-limit.yaml
$ k exec -it -n mesh-b deployments/nginx-b -- curl -sS -o /dev/null -v nginx-a_mesh-a_svc_80.mesh:80 |grep "< HTTP"
< HTTP/1.1 200 OK
$ k exec -it -n mesh-b deployments/nginx-b -- curl -sS -o /dev/null -v nginx-a_mesh-a_svc_80.mesh:80 |grep "< HTTP"
< HTTP/1.1 423 Locked
$ k exec -it -n mesh-b deployments/nginx-b -- curl -sS -o /dev/null -v nginx-a_mesh-a_svc_80.mesh:80 |grep "< HTTP"
< HTTP/1.1 423 Locked
$ sleep 5; k exec -it -n mesh-b deployments/nginx-b -- curl -sS -o /dev/null -v nginx-a_mesh-a_svc_80.mesh:80 |grep "< HTTP"
< HTTP/1.1 200 OKNote: MeshRateLimit is the new policy matching algorithm ( different from RateLimit )
