Hi,
I am using ratelimit envoyproxy service in conjunction with istio to perform the global rate-limit service in the istio-ingressgateway pods that are in front of my infrastructure inside a kubernetes cluster.
My goal is to be able to get the IPs that are being rate limited and store them in prometheus and use some process that
can read from prom and do some logic, like ban those IPs permanently via a cloud service like Google cloud Armor or one alike.
I am using this action in my "rate_limits filter"
- actions:
- request_headers:
descriptor_key: remote_address_second
header_name: x-envoy-external-address
- destination_cluster: {}
So this is what in redis store looks like
entrypoint-v1-entrypoint_remote_address_second_188.2.75.xx_destination_cluster_outbound|80||$this_is_the_destination_cluster_1627892892
But with statsd-prom-exporter activated in prometheus I am able to see just this ( there is no IP ) so I can't have all the dimensions in the metric
ratelimit.service.rate_limit.entrypoint-v1-entrypoint.remote_address_minute.destination_cluster_outbound|80||$this_is_the_destination_cluster.over_limit: 62
Is there any way I can "see" in statsd ( :6070/stats ) the rate limit actions in the metric? being in this case the IP ( header x-envoy-external-address )
Is there any modification needed in this code to achieve that?
Hi,
I am using ratelimit envoyproxy service in conjunction with istio to perform the global rate-limit service in the istio-ingressgateway pods that are in front of my infrastructure inside a kubernetes cluster.
My goal is to be able to get the IPs that are being rate limited and store them in prometheus and use some process that
can read from prom and do some logic, like ban those IPs permanently via a cloud service like Google cloud Armor or one alike.
I am using this action in my "rate_limits filter"
So this is what in redis store looks like
entrypoint-v1-entrypoint_remote_address_second_188.2.75.xx_destination_cluster_outbound|80||$this_is_the_destination_cluster_1627892892But with statsd-prom-exporter activated in prometheus I am able to see just this ( there is no IP ) so I can't have all the dimensions in the metric
ratelimit.service.rate_limit.entrypoint-v1-entrypoint.remote_address_minute.destination_cluster_outbound|80||$this_is_the_destination_cluster.over_limit: 62Is there any way I can "see" in statsd ( :6070/stats ) the rate limit actions in the metric? being in this case the IP ( header x-envoy-external-address )
Is there any modification needed in this code to achieve that?