apiVersion: config.istio.io/v1alpha2 kind: handler metadata: name: redishandler namespace: istio-system spec: compiledAdapter: redisquota params: redisServerUrl: redis-release-master:6379 connectionPoolSize: 10 quotas: - name: requestcountquota.instance.istio-system maxAmount: 500 validDuration: 1s bucketDuration: 500ms rateLimitAlgorithm: ROLLING_WINDOW # The first matching override is applied. # A requestcount instance is checked against override dimensions. overrides: # The following override applies to 'reviews' regardless # of the source. - dimensions: destination: reviews maxAmount: 1 # The following override applies to 'productpage' when # the source is a specific ip address. - dimensions: destination: productpage source: "10.28.11.20" maxAmount: 500 # The following override applies to 'productpage' regardless # of the source. - dimensions: destination: productpage maxAmount: 2 --- apiVersion: config.istio.io/v1alpha2 kind: instance metadata: name: requestcountquota namespace: istio-system spec: compiledTemplate: quota params: dimensions: source: request.headers["x-forwarded-for"] | "unknown" destination: destination.labels["app"] | destination.workload.name | "unknown" destinationVersion: destination.labels["version"] | "unknown" --- apiVersion: config.istio.io/v1alpha2 kind: QuotaSpec metadata: name: request-count namespace: istio-system spec: rules: - quotas: - charge: 1 quota: requestcountquota --- apiVersion: config.istio.io/v1alpha2 kind: QuotaSpecBinding metadata: name: request-count namespace: istio-system spec: quotaSpecs: - name: request-count namespace: istio-system services: - name: productpage namespace: default # - service: '*' # Uncomment this to bind *all* services to request-count --- apiVersion: config.istio.io/v1alpha2 kind: rule metadata: name: quota namespace: istio-system spec: # quota only applies if you are not logged in. # match: match(request.headers["cookie"], "session=*") == false actions: - handler: redishandler instances: - requestcountquota ---