1apiVersion: config.istio.io/v1alpha2 2kind: handler 3metadata: 4 name: redishandler 5 namespace: istio-system 6spec: 7 compiledAdapter: redisquota 8 params: 9 redisServerUrl: redis-release-master:6379 10 connectionPoolSize: 10 11 quotas: 12 - name: requestcountquota.instance.istio-system 13 maxAmount: 500 14 validDuration: 1s 15 bucketDuration: 500ms 16 rateLimitAlgorithm: ROLLING_WINDOW 17 # The first matching override is applied. 18 # A requestcount instance is checked against override dimensions. 19 overrides: 20 # The following override applies to 'reviews' regardless 21 # of the source. 22 - dimensions: 23 destination: reviews 24 maxAmount: 1 25 # The following override applies to 'productpage' when 26 # the source is a specific ip address. 27 - dimensions: 28 destination: productpage 29 source: "10.28.11.20" 30 maxAmount: 500 31 # The following override applies to 'productpage' regardless 32 # of the source. 33 - dimensions: 34 destination: productpage 35 maxAmount: 2 36--- 37apiVersion: config.istio.io/v1alpha2 38kind: instance 39metadata: 40 name: requestcountquota 41 namespace: istio-system 42spec: 43 compiledTemplate: quota 44 params: 45 dimensions: 46 source: request.headers["x-forwarded-for"] | "unknown" 47 destination: destination.labels["app"] | destination.workload.name | "unknown" 48 destinationVersion: destination.labels["version"] | "unknown" 49--- 50apiVersion: config.istio.io/v1alpha2 51kind: QuotaSpec 52metadata: 53 name: request-count 54 namespace: istio-system 55spec: 56 rules: 57 - quotas: 58 - charge: 1 59 quota: requestcountquota 60--- 61apiVersion: config.istio.io/v1alpha2 62kind: QuotaSpecBinding 63metadata: 64 name: request-count 65 namespace: istio-system 66spec: 67 quotaSpecs: 68 - name: request-count 69 namespace: istio-system 70 services: 71 - name: productpage 72 namespace: default 73 # - service: '*' # Uncomment this to bind *all* services to request-count 74--- 75apiVersion: config.istio.io/v1alpha2 76kind: rule 77metadata: 78 name: quota 79 namespace: istio-system 80spec: 81 # quota only applies if you are not logged in. 82 # match: match(request.headers["cookie"], "session=*") == false 83 actions: 84 - handler: redishandler 85 instances: 86 - requestcountquota 87--- 88