MetaProtocol Traffic Policy
Configuration for MetaProtocol traffic rules.
ApplicationProtocol defines an application protocol built on top of MetaProtocol.
apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: ApplicationProtocol
metadata:
name: dubbo
namespace: istio-system
spec:
protocol: dubbo
codec: aeraki.meta_protocol.codec.dubbo
ApplicationProtocol
ApplicationProtocol defines an application protocol built on top of MetaProtocol.
| Field |
Type |
Description |
Required |
protocol |
string |
|
No
|
codec |
string |
|
No
|
MetaRouter defines route policies for MetaProtocol proxy.
Describes match conditions and actions for routing MetaProtocol.
| Field |
Type |
Description |
Required |
name |
string |
The name assigned to the route for debugging purposes.
|
No
|
match |
MetaRouteMatch |
Match conditions to be satisfied for the rule to be activated.
All conditions inside a single match block have AND semantic.
|
No
|
route |
MetaRouteDestination[] |
A Route rule can forward (default) traffic. The forwarding target
can be one of several versions of a service (see glossary in
beginning of document). Weights associated with the service version
determine the proportion of traffic it receives.
|
No
|
requestMutation |
KeyValue[] |
Specifies a list of key-value pairs that should be mutated for each request. How to interpret the key-value pairs
depends on the codec implementation
|
No
|
responseMutation |
KeyValue[] |
Specifies a list of key-value pairs that should be mutated for each response. How to interpret the key-value pairs
depends on the codec implementation
|
No
|
KeyValue
KeyValue defines a Key /value pair.
| Field |
Type |
Description |
Required |
key |
string |
Key name.
|
Yes
|
value |
string |
alue.
|
Yes
|
| Field |
Type |
Description |
Required |
attributes |
map<string, StringMatch> |
If the value is empty and only the name of attribute is specified, presence of the attribute is checked.
|
No
|
StringMatch
Describes how to match a given string in HTTP headers. Match is
case-sensitive.
| Field |
Type |
Description |
Required |
exact |
string (oneof) |
exact string match
|
No
|
prefix |
string (oneof) |
prefix-based match
|
No
|
regex |
string (oneof) |
RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
No
|
| Field |
Type |
Description |
Required |
destination |
Destination |
Destination uniquely identifies the instances of a service
to which the request/connection should be forwarded to.
|
Yes
|
weight |
uint32 |
The proportion of traffic to be forwarded to the service
version. (0-100). Sum of weights across destinations SHOULD BE == 100.
If there is only one destination in a rule, the weight value is assumed to
be 100.
|
No
|
Destination
| Field |
Type |
Description |
Required |
host |
string |
The name of a service from the service registry. Service
names are looked up from the platform’s service registry (e.g.,
Kubernetes services, Consul services, etc.) and from the hosts
declared by ServiceEntry. Traffic
forwarded to destinations that are not found in either of the two, will be dropped.
Note for Kubernetes users: When short names are used (e.g. “reviews”
instead of “reviews.default.svc.cluster.local”), Istio will interpret
the short name based on the namespace of the rule, not the service. A
rule in the “default” namespace containing a host “reviews will be
interpreted as “reviews.default.svc.cluster.local”, irrespective of
the actual namespace associated with the reviews service. To avoid
potential misconfiguration, it is recommended to always use fully
qualified domain names over short names.
|
Yes
|
subset |
string |
The name of a subset within the service. Applicable only to services
within the mesh. The subset must be defined in a corresponding
DestinationRule.
|
No
|
port |
PortSelector |
Specifies the port on the host that is being addressed. If a service
exposes only a single port it is not required to explicitly select the
port.
|
No
|
PortSelector
PortSelector specifies the number of a port to be used for
matching or selection for final routing.
| Field |
Type |
Description |
Required |
number |
uint32 |
Valid port number
|
No
|
LocalRateLimit
LocalRateLimit defines local rate limit policies for MetaProtocol proxy
| Field |
Type |
Description |
Required |
tokenBucket |
TokenBucket |
The default token bucket configuration to use for rate limiting requests that are processed by
this filter.
Local rate limiter will first check the conditions, if a specific condition matches, then the token
bucket within that condition will be applied to the incoming request. All the other requests
that don’t match the conditions will be rate limited by the default token bucket.
If the default token bucket is not specified, then the requests that don’t match the conditions
will not be rate limited.
At least one of token_bucket or conditions should have value.
|
No
|
conditions |
Condition[] |
The more specific rate limit conditions, the first match will be used.
|
No
|
GlobalRateLimit
GlobalRateLimit configures global rate limit service for MetaProtocol proxy
| Field |
Type |
Description |
Required |
match |
MetaRouteMatch |
Match conditions to be satisfied for the rate limit rule to be activated.
All conditions inside a single match block have AND semantic.
If the match is not specified, then all the incoming requests will be considered matched.
|
Yes
|
domain |
string |
The rate limit domain to use when calling the rate limit service.
|
Yes
|
requestTimeout |
Duration |
The timeout in milliseconds for the rate limit service RPC. If not
set, this defaults to 20ms.
|
No
|
denyOnFail |
bool |
The filter’s behavior in case the rate limiting service does
not respond back. When it is set to true, Envoy will not allow traffic in case of
communication failure between rate limiting service and the proxy.
|
No
|
rateLimitService |
string |
The cluster name of the external rate limit service provider.
|
Yes
|
descriptors |
Descriptor[] |
Defines what properties in the requests should be sent to the rate limit service
|
Yes
|
LocalRateLimit.TokenBucket
Configures a token bucket which is used for rate limiting.
| Field |
Type |
Description |
Required |
maxTokens |
uint32 |
The maximum tokens that the bucket can hold. This is also the number of tokens that the bucket
initially contains. The value must be greater than 1.
|
No
|
tokensPerFill |
UInt32Value |
The number of tokens added to the bucket during each fill interval. The value must be greater than 1.
If not specified, defaults to a single token.
|
No
|
fillInterval |
Duration |
The fill interval that tokens are added to the bucket. During each fill interval
tokens_per_fill are added to the bucket. The bucket will never contain more than
max_tokens tokens.
|
Yes
|
LocalRateLimit.Condition
Condition defines a rate limit policy for a more specific condition
| Field |
Type |
Description |
Required |
match |
MetaRouteMatch |
Match conditions to be satisfied for the rate limit rule to be activated.
All conditions inside a single match block have AND semantic.
If the match is not specified, then all the incoming requests will be considered matched.
|
Yes
|
tokenBucket |
TokenBucket |
The token bucket for this particular condition
|
Yes
|
GlobalRateLimit.Descriptor
Descriptor defines the mapping between the property in the request and the descriptor key in the rate
limit server configuration
Normally the property is the same as the descriptor key, but adding a mapping layer allows more flexibility
| Field |
Type |
Description |
Required |
property |
string |
The property extracted from the requests
|
Yes
|
descriptorKey |
string |
The corresponding descriptor key in the rate limit server configuration
|
Yes
|
google.protobuf.UInt32Value
Wrapper message for uint32.
The JSON representation for UInt32Value is JSON number.
| Field |
Type |
Description |
Required |
value |
uint32 |
The uint32 value.
|
No
|
最后修改 September 19, 2022:
release 1.2.0 (433e12f)