MetaProtocol Traffic Policy

Configuration for MetaProtocol traffic rules.

ApplicationProtocol defines an application protocol built on top of MetaProtocol.

    apiVersion: metaprotocol.aeraki.io/v1alpha1
    kind: ApplicationProtocol
    metadata:
      name: dubbo
      namespace: istio-system
    spec:
      protocol: dubbo
      codec: aeraki.meta_protocol.codec.dubbo

ApplicationProtocol

ApplicationProtocol defines an application protocol built on top of MetaProtocol.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| protocol | string | | No |
| codec | string | | No |

MetaRouter

MetaRouter defines route policies for MetaProtocol proxy.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| hosts | string[] | | No |
| routes | MetaRoute[] | | No |
| localRateLimit | LocalRateLimit | | No |
| globalRateLimit | GlobalRateLimit | | No |

MetaRoute

Describes match conditions and actions for routing MetaProtocol.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | The name assigned to the route for debugging purposes. | No |
| match | MetaRouteMatch | Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics. | No |
| route | MetaRouteDestination[] | A Route rule can forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives. | No |
| requestMutation | KeyValue[] | Specifies a list of key-value pairs that should be mutated for each request. How to interpret the key-value pairs depends on the codec implementation. | No |
| responseMutation | KeyValue[] | Specifies a list of key-value pairs that should be mutated for each response. How to interpret the key-value pairs depends on the codec implementation. | No |

KeyValue

KeyValue defines a key/value pair.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | Key name. | Yes |
| value | string | Value. | Yes |

MetaRouteMatch

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| attributes | map<string, StringMatch> | If the value is empty and only the name of the attribute is specified, presence of the attribute is checked. | No |

StringMatch

Describes how to match a given string in HTTP headers. Match is case-sensitive.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| exact | string (oneof) | exact string match | No |
| prefix | string (oneof) | prefix-based match | No |
| regex | string (oneof) | RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). | No |

MetaRouteDestination

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| destination | Destination | Destination uniquely identifies the instances of a service to which the request/connection should be forwarded. | Yes |
| weight | uint32 | The proportion of traffic to be forwarded to the service version (0-100). Sum of weights across destinations SHOULD BE == 100. If there is only one destination in a rule, the weight value is assumed to be 100. | No |

Destination

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| host | string | The name of a service from the service registry. Service names are looked up from the platform’s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by ServiceEntry. Traffic forwarded to destinations that are not found in either of the two will be dropped. Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews” will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names. | Yes |
| subset | string | The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule. | No |
| port | PortSelector | Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port. | No |

PortSelector

PortSelector specifies the number of a port to be used for matching or selection for final routing.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| number | uint32 | Valid port number | No |

LocalRateLimit

LocalRateLimit defines local rate limit policies for MetaProtocol proxy.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| tokenBucket | TokenBucket | The default token bucket configuration to use for rate limiting requests that are processed by this filter. The local rate limiter first checks the conditions; if a specific condition matches, the token bucket within that condition is applied to the incoming request. All other requests that don’t match the conditions are rate limited by the default token bucket. If the default token bucket is not specified, then the requests that don’t match the conditions will not be rate limited. At least one of token_bucket or conditions should have a value. | No |
| conditions | Condition[] | The more specific rate limit conditions; the first match will be used. | No |

GlobalRateLimit

GlobalRateLimit configures the global rate limit service for MetaProtocol proxy.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| match | MetaRouteMatch | Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantics. If the match is not specified, then all the incoming requests will be considered matched. | Yes |
| domain | string | The rate limit domain to use when calling the rate limit service. | Yes |
| requestTimeout | Duration | The timeout in milliseconds for the rate limit service RPC. If not set, this defaults to 20ms. | No |
| denyOnFail | bool | The filter’s behavior in case the rate limiting service does not respond back. When it is set to true, Envoy will not allow traffic in case of communication failure between the rate limiting service and the proxy. | No |
| rateLimitService | string | The cluster name of the external rate limit service provider. | Yes |
| descriptors | Descriptor[] | Defines what properties in the requests should be sent to the rate limit service. | Yes |
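
A review-time check for the routing and rate limit fields described above, as an added example (not code from the Aeraki project). It takes a MetaRouter spec already parsed into a dict; the function name, the finding texts, the sample spec and the rule that a host without a dot counts as a short name are assumptions made for this illustration.

```python
def lint_metarouter(spec, namespace):
    """Return review findings for a MetaRouter spec given as a dict."""
    findings = []
    for route in spec.get("routes", []):
        name = route.get("name", "<unnamed>")
        dests = route.get("route", [])
        # One destination is assumed to carry weight 100; several should sum to 100.
        total = sum(d.get("weight", 0) for d in dests)
        if len(dests) > 1 and total != 100:
            findings.append(f"{name}: weights sum to {total}, expected 100")
        for d in dests:
            host = d.get("destination", {}).get("host", "")
            if not host:
                findings.append(f"{name}: destination.host is required")
            elif "." not in host:
                # Short names are expanded with the rule's namespace, not the service's.
                findings.append(f"{name}: short host '{host}' is read as "
                                f"{host}.{namespace}.svc.cluster.local")
    local = spec.get("localRateLimit")
    if local is not None and not (local.get("tokenBucket") or local.get("conditions")):
        findings.append("localRateLimit: neither tokenBucket nor conditions is set")
    glob = spec.get("globalRateLimit")
    if glob is not None:
        for field in ("domain", "rateLimitService", "descriptors"):
            if not glob.get(field):
                findings.append(f"globalRateLimit: {field} is required")
        if glob.get("denyOnFail") is not True:
            # Without denyOnFail, a silent rate limit service no longer blocks traffic.
            findings.append("globalRateLimit: denyOnFail is not true")
    return findings

# Constructed sample spec (not from the page); names are placeholders.
SAMPLE = {
    "hosts": ["demo.meta-dubbo.svc.cluster.local"],
    "routes": [{"name": "canary", "route": [
        {"destination": {"host": "demo", "subset": "v1"}, "weight": 80},
        {"destination": {"host": "demo.meta-dubbo.svc.cluster.local", "subset": "v2"},
         "weight": 30},
    ]}],
    "localRateLimit": {},
    "globalRateLimit": {"domain": "demo", "rateLimitService": "ratelimit-cluster",
                        "descriptors": [{"property": "method", "descriptorKey": "method"}]},
}

if __name__ == "__main__":
    print("\n".join(lint_metarouter(SAMPLE, "meta-dubbo")))
```

The denyOnFail finding is a prompt to decide deliberately whether the limit should fail open or fail closed for the service in question.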

LocalRateLimit.TokenBucket

Configures a token bucket which is used for rate limiting.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| maxTokens | uint32 | The maximum tokens that the bucket can hold. This is also the number of tokens that the bucket initially contains. The value must be greater than 1. | No |
| tokensPerFill | UInt32Value | The number of tokens added to the bucket during each fill interval. The value must be greater than 1. If not specified, defaults to a single token. | No |
| fillInterval | Duration | The fill interval that tokens are added to the bucket. During each fill interval tokens_per_fill are added to the bucket. The bucket will never contain more than max_tokens tokens. | Yes |

LocalRateLimit.Condition

Condition defines a rate limit policy for a more specific condition.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| match | MetaRouteMatch | Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantics. If the match is not specified, then all the incoming requests will be considered matched. | Yes |
| tokenBucket | TokenBucket | The token bucket for this particular condition. | Yes |
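
How the local rate limiter picks a bucket (first matching condition, then the default bucket, otherwise no limit) and how that bucket admits requests, as an added example that is not code from the Aeraki project. The function names, the dict layout, the "60s" duration format and the use of Python's `re` with whole-value matching in place of RE2 are assumptions.

```python
import re

def string_match(rule, value):
    # An empty matcher only checks that the attribute is present.
    if not rule or value is None:
        return value is not None
    if "exact" in rule:
        return value == rule["exact"]
    if "prefix" in rule:
        return value.startswith(rule["prefix"])
    # Assumption: Python's re stands in for RE2 and the regex must match the whole value.
    return re.fullmatch(rule["regex"], value) is not None

def matches(match, attrs):
    # No match block matches every request; listed attributes are ANDed.
    rules = (match or {}).get("attributes", {})
    return all(string_match(r, attrs.get(k)) for k, r in rules.items())

def select_bucket(limit, attrs):
    # First matching condition wins; otherwise the default bucket (None = unlimited).
    for cond in limit.get("conditions", []):
        if matches(cond.get("match"), attrs):
            return cond["tokenBucket"]
    return limit.get("tokenBucket")

def admitted(bucket, arrivals):
    # Count admitted requests; arrivals are seconds, fillInterval is "<seconds>s".
    interval = float(bucket["fillInterval"].rstrip("s"))
    tokens, last, ok = bucket["maxTokens"], 0.0, 0
    for t in arrivals:
        fills = int((t - last) // interval)
        tokens = min(bucket["maxTokens"], tokens + fills * bucket.get("tokensPerFill", 1))
        last += fills * interval
        if tokens > 0:
            tokens, ok = tokens - 1, ok + 1
    return ok

def bucket(n):  # constructed helper: n tokens per 60s
    return {"maxTokens": n, "tokensPerFill": n, "fillInterval": "60s"}

# Constructed policy: the broad "say" prefix is listed before the stricter exact rule.
LIMIT = {
    "tokenBucket": bucket(100),
    "conditions": [
        {"match": {"attributes": {"method": {"prefix": "say"}}}, "tokenBucket": bucket(50)},
        {"match": {"attributes": {"method": {"exact": "sayHello"}}}, "tokenBucket": bucket(2)},
    ],
}
```

With this ordering a `sayHello` request gets the 50-token bucket, so the stricter 2-token condition never applies; list the most specific conditions first.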

GlobalRateLimit.Descriptor

Descriptor defines the mapping between the property in the request and the descriptor key in the rate limit server configuration. Normally the property is the same as the descriptor key, but adding a mapping layer allows more flexibility.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| property | string | The property extracted from the requests. | Yes |
| descriptorKey | string | The corresponding descriptor key in the rate limit server configuration. | Yes |

google.protobuf.UInt32Value

Wrapper message for uint32.

The JSON representation for UInt32Value is a JSON number.

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| value | uint32 | The uint32 value. | No |

Last modified March 10, 2022: add reference (897f1a1)