MetaProtocol Traffic Policy
Configuration for MetaProtocol traffic rules.
ApplicationProtocol defines an application protocol built on top of MetaProtocol.
```yaml
apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: ApplicationProtocol
metadata:
  name: dubbo
  namespace: istio-system
spec:
  protocol: dubbo
  codec: aeraki.meta_protocol.codec.dubbo
```
ApplicationProtocol
ApplicationProtocol defines an application protocol built on top of MetaProtocol.
Field | Type | Description | Required |
---|---|---|---|
protocol | string | | No |
codec | string | | No |
MetaRouter
MetaRouter defines route policies for MetaProtocol proxy.
Field | Type | Description | Required |
---|---|---|---|
hosts | string[] | | No |
routes | MetaRoute[] | | No |
localRateLimit | LocalRateLimit | | No |
globalRateLimit | GlobalRateLimit | | No |
MetaRoute
Describes match conditions and actions for routing MetaProtocol.
Field | Type | Description | Required |
---|---|---|---|
name | string | The name assigned to the route for debugging purposes. | No |
match | MetaRouteMatch | Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantic. | No |
route | MetaRouteDestination[] | A Route rule can forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives. | No |
requestMutation | KeyValue[] | Specifies a list of key-value pairs that should be mutated for each request. How to interpret the key-value pairs depends on the codec implementation | No |
responseMutation | KeyValue[] | Specifies a list of key-value pairs that should be mutated for each response. How to interpret the key-value pairs depends on the codec implementation | No |
KeyValue
KeyValue defines a key/value pair.
Field | Type | Description | Required |
---|---|---|---|
key | string | Key name. | Yes |
value | string | Value. | Yes |
MetaRouteMatch
Field | Type | Description | Required |
---|---|---|---|
attributes | map<string, StringMatch> | If the value is empty and only the name of attribute is specified, presence of the attribute is checked. | No |
StringMatch
Describes how to match a given string in HTTP headers. Match is case-sensitive.
Field | Type | Description | Required |
---|---|---|---|
exact | string (oneof) | exact string match | No |
prefix | string (oneof) | prefix-based match | No |
regex | string (oneof) | RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). | No |
MetaRouteDestination
Field | Type | Description | Required |
---|---|---|---|
destination | Destination | Destination uniquely identifies the instances of a service to which the request/connection should be forwarded to. | Yes |
weight | uint32 | The proportion of traffic to be forwarded to the service version. (0-100). Sum of weights across destinations SHOULD BE == 100. If there is only one destination in a rule, the weight value is assumed to be 100. | No |
Destination
Field | Type | Description | Required |
---|---|---|---|
host | string | The name of a service from the service registry. Service names are looked up from the platform’s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by ServiceEntry. Traffic forwarded to destinations that are not found in either of the two will be dropped. Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews” will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names. | Yes |
subset | string | The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule. | No |
port | PortSelector | Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port. | No |
PortSelector
PortSelector specifies the number of a port to be used for matching or selection for final routing.
Field | Type | Description | Required |
---|---|---|---|
number | uint32 | Valid port number | No |
LocalRateLimit
LocalRateLimit defines local rate limit policies for MetaProtocol proxy
Field | Type | Description | Required |
---|---|---|---|
tokenBucket | TokenBucket | The default token bucket configuration to use for rate limiting requests that are processed by this filter. Local rate limiter will first check the conditions, if a specific condition matches, then the token bucket within that condition will be applied to the incoming request. All the other requests that don’t match the conditions will be rate limited by the default token bucket. If the default token bucket is not specified, then the requests that don’t match the conditions will not be rate limited. At least one of token_bucket or conditions should have value. | No |
conditions | Condition[] | The more specific rate limit conditions, the first match will be used. | No |
GlobalRateLimit
GlobalRateLimit configures global rate limit service for MetaProtocol proxy
Field | Type | Description | Required |
---|---|---|---|
match | MetaRouteMatch | Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantic. If the match is not specified, then all the incoming requests will be considered matched. | Yes |
domain | string | The rate limit domain to use when calling the rate limit service. | Yes |
requestTimeout | Duration | The timeout in milliseconds for the rate limit service RPC. If not set, this defaults to 20ms. | No |
denyOnFail | bool | The filter’s behavior in case the rate limiting service does not respond back. When it is set to true, Envoy will not allow traffic in case of communication failure between rate limiting service and the proxy. | No |
rateLimitService | string | The cluster name of the external rate limit service provider. | Yes |
descriptors | Descriptor[] | Defines what properties in the requests should be sent to the rate limit service | Yes |
LocalRateLimit.TokenBucket
Configures a token bucket which is used for rate limiting.
Field | Type | Description | Required |
---|---|---|---|
maxTokens | uint32 | The maximum tokens that the bucket can hold. This is also the number of tokens that the bucket initially contains. The value must be greater than 1. | No |
tokensPerFill | UInt32Value | The number of tokens added to the bucket during each fill interval. The value must be greater than 1. If not specified, defaults to a single token. | No |
fillInterval | Duration | The fill interval that tokens are added to the bucket. During each fill interval | Yes |
LocalRateLimit.Condition
Condition defines a rate limit policy for a more specific condition
Field | Type | Description | Required |
---|---|---|---|
match | MetaRouteMatch | Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantic. If the match is not specified, then all the incoming requests will be considered matched. | Yes |
tokenBucket | TokenBucket | The token bucket for this particular condition | Yes |
GlobalRateLimit.Descriptor
Descriptor defines the mapping between the property in the request and the descriptor key in the rate limit server configuration. Normally the property is the same as the descriptor key, but adding a mapping layer allows more flexibility.
Field | Type | Description | Required |
---|---|---|---|
property | string | The property extracted from the requests | Yes |
descriptorKey | string | The corresponding descriptor key in the rate limit server configuration | Yes |
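
A lint pass over a MetaRouter spec for the pitfalls the field descriptions above call out: short destination host names, weights that do not sum to 100, a local rate limit with neither a default bucket nor conditions, a condition without a match placed ahead of others, and a global rate limit that does not set denyOnFail (read here as failing open, an inference from the denyOnFail description). This is an added example, not code from the Aeraki project; the function name, the dot-based short-name heuristic and all sample values are assumptions made for illustration.

```python
# Constructed sample: the `spec` of a MetaRouter as a dict. Host, attribute
# and cluster names are made up for illustration.
SAMPLE_SPEC = {
    "hosts": ["demo.dubbo.svc.cluster.local"],
    "routes": [{"name": "canary", "route": [
        {"destination": {"host": "demo", "subset": "v1"}, "weight": 80},
        {"destination": {"host": "demo.dubbo.svc.cluster.local", "subset": "v2"}, "weight": 10},
    ]}],
    "localRateLimit": {"conditions": [
        # No match: applies to every request, so the next condition never fires.
        {"tokenBucket": {"maxTokens": 100, "tokensPerFill": 100, "fillInterval": "60s"}},
        {"match": {"attributes": {"method": {"exact": "sayHello"}}},
         "tokenBucket": {"maxTokens": 10, "tokensPerFill": 10}},
    ]},
    "globalRateLimit": {"domain": "demo", "rateLimitService": "ratelimit-cluster",
                        "descriptors": [{"property": "method", "descriptorKey": "method"}]},
}

def lint_metarouter(spec):
    """Return findings for the misconfigurations the field descriptions warn about."""
    findings = []
    for route in spec.get("routes", []):
        name, dests = route.get("name", "<unnamed>"), route.get("route", [])
        for d in dests:
            host = d.get("destination", {}).get("host", "")
            if "." not in host:  # heuristic (assumption): no dot means a short name
                findings.append(f"route {name}: short host '{host}', use the FQDN")
        total = sum(d.get("weight", 0) for d in dests)
        if len(dests) > 1 and total != 100:
            findings.append(f"route {name}: weights sum to {total}, expected 100")
    local = spec.get("localRateLimit")
    if local is not None:
        conds = local.get("conditions", [])
        if not local.get("tokenBucket") and not conds:
            findings.append("localRateLimit: neither tokenBucket nor conditions set")
        buckets = [local.get("tokenBucket")] + [c.get("tokenBucket") for c in conds]
        if any(b is not None and "fillInterval" not in b for b in buckets):
            findings.append("localRateLimit: tokenBucket without required fillInterval")
        for i, c in enumerate(conds[:-1]):
            if not c.get("match"):  # matches everything; first match wins
                findings.append(f"localRateLimit: condition {i} shadows later conditions")
    glob = spec.get("globalRateLimit")
    if glob is not None:
        for field in ("domain", "rateLimitService", "descriptors"):
            if not glob.get(field):
                findings.append(f"globalRateLimit: required field {field} missing")
        if glob.get("denyOnFail") is not True:
            findings.append("globalRateLimit: denyOnFail not true, fails open")
    return findings
```

Calling `lint_metarouter(SAMPLE_SPEC)` returns one finding per problem in the constructed spec; an empty list means none of these checks fired.
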
google.protobuf.UInt32Value
Wrapper message for uint32. The JSON representation for UInt32Value is JSON number.
Field | Type | Description | Required |
---|---|---|---|
value | uint32 | The uint32 value. | No |
Last modified March 10, 2022: add reference (897f1a1)