Skip to content

Ratelimit is broken when using shared=true in ratelimit rule without client selectors #6070

New issue
New issue
Closed
Closed
Ratelimit is broken when using shared=true in ratelimit rule without client selectors#6070
Labels
kind/bugSomething isn't workingstaletriage
@Tharsanan1

Description

@Tharsanan1
Tharsanan1
opened on May 14, 2025

Description:

Hi,

I am testing ratelimit shared bucket(#5944) functionality in EG 1.4.0. When the BackendTrafficPolicy rule has clientSelectors this functionality works fine. But when i try to achieve ratelimit on all requests (https://gateway.envoyproxy.io/docs/tasks/traffic/global-rate-limit/#rate-limit-all-requests) with shared = true, ratelimit functionality does not work.
these are my httproute and backendtrafficpolicy

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: backend-2
  annotations:
    gateway.envoyproxy.io/foo: bar111222333444
  labels:
    env: production2
spec:
  parentRefs:
    - name: eg
  hostnames:
    - "www.example2.com"
  rules:
    - backendRefs:
        - group: ""
          kind: Service
          name: backend
          port: 3000
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /app
        - path:
            type: PathPrefix
            value: /hello
        - path:
            type: PathPrefix
            value: /checkkkkkk
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy 
metadata:
  name: policy-httproute
spec:
  targetRefs:
  - name: backend-2
    kind: HTTPRoute
    group: gateway.networking.k8s.io
  rateLimit:
    type: Global
    global:
      rules:
      - limit:
          requests: 30
          unit: Minute
        shared: true

this is what i see in the envoyproxy config dump

"dynamic_route_configs": [
    {
     "version_info": "2c7a931d60cc7e8e71518775c6a8da2edcdd8fc41c3373aba4f98c9e62a6b27b",
     "route_config": {
      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
      "name": "default/eg/http",
      "virtual_hosts": [
       {
        "name": "default/eg/http/www_example2_com",
        "domains": [
         "www.example2.com"
        ],
        "routes": [
         {
          "match": {
           "path_separated_prefix": "/checkkkkkk"
          },
          "route": {
           "cluster": "httproute/default/backend-2/rule/0",
           "rate_limits": [
            {
             "actions": [
              {
               "generic_key": {
                "descriptor_value": "default/policy-httproute/rule/0",
                "descriptor_key": "default/policy-httproute/rule/0"
               }
              },
              {
               "generic_key": {
                "descriptor_value": "rule-0-match--1",
                "descriptor_key": "rule-0-match--1"
               }
              }
             ]
            }
           ],
           "upgrade_configs": [
            {
             "upgrade_type": "websocket"
            }
           ]
          },

This is the rlconfig from ratelimit server

default/policy-httproute.default/policy-httproute/rule/0_default/policy-httproute/rule/0.default/policy-httproute/rule/0_default/policy-httproute/rule/0: unit=MINUTE requests_per_unit=30, shadow_mode: false

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't workingstaletriage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions