MetaProtocol Traffic Policy

Configuration for MetaProtocol traffic rules.

ApplicationProtocol defines an application protocol built on top of MetaProtocol.

apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: ApplicationProtocol
metadata:
  name: dubbo
  namespace: istio-system
spec:
  protocol: dubbo
  codec: aeraki.meta_protocol.codec.dubbo

ApplicationProtocol

ApplicationProtocol defines an application protocol built on top of MetaProtocol.

Field	Type	Description	Required
`protocol`	`string`		No
`codec`	`string`		No

MetaRouter

MetaRouter defines route policies for MetaProtocol proxy.

Field	Type	Required
`hosts`	`string[]`	No
`routes`	`MetaRoute[]`	No
`localRateLimit`	`LocalRateLimit`	No
`globalRateLimit`	`GlobalRateLimit`	No

MetaRoute

Describes match conditions and actions for routing MetaProtocol.

Field	Type	Description	Required
`name`	`string`	The name assigned to the route for debugging purposes.	No
`match`	`MetaRouteMatch`	Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantic.	No
`route`	`MetaRouteDestination[]`	A Route rule can forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.	No
`requestMutation`	`KeyValue[]`	Specifies a list of key-value pairs that should be mutated for each request. How to interpret the key-value pairs depends on the codec implementation	No
`responseMutation`	`KeyValue[]`	Specifies a list of key-value pairs that should be mutated for each response. How to interpret the key-value pairs depends on the codec implementation	No

KeyValue

KeyValue defines a Key /value pair.

Field	Type	Description	Required
`key`	`string`	Key name.	Yes
`value`	`string`	alue.	Yes

MetaRouteMatch

Field	Type	Description	Required
`attributes`	`map<string, StringMatch>`	If the value is empty and only the name of attribute is specified, presence of the attribute is checked.	No

StringMatch

Describes how to match a given string in HTTP headers. Match is case-sensitive.

Field	Type	Description	Required
`exact`	`string (oneof)`	exact string match	No
`prefix`	`string (oneof)`	prefix-based match	No
`regex`	`string (oneof)`	RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).	No

MetaRouteDestination

Field	Type	Description	Required
`destination`	`Destination`	Destination uniquely identifies the instances of a service to which the request/connection should be forwarded to.	Yes
`weight`	`uint32`	The proportion of traffic to be forwarded to the service version. (0-100). Sum of weights across destinations SHOULD BE == 100. If there is only one destination in a rule, the weight value is assumed to be 100.	No

Destination

Field Type Description Required

Field	Type	Description	Required
`host`	`string`	The name of a service from the service registry. Service names are looked up from the platform’s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by ServiceEntry. Traffic forwarded to destinations that are not found in either of the two, will be dropped. Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names.	Yes
`subset`	`string`	The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.	No
`port`	`PortSelector`	Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.	No

host

string

The name of a service from the service registry. Service names are looked up from the platform’s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by ServiceEntry. Traffic forwarded to destinations that are not found in either of the two, will be dropped.

Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names.

Yes

subset

string

The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.

port

PortSelector

Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.

PortSelector

PortSelector specifies the number of a port to be used for matching or selection for final routing.

Field	Type	Description	Required
`number`	`uint32`	Valid port number	No

LocalRateLimit

LocalRateLimit defines local rate limit policies for MetaProtocol proxy

Field	Type	Description	Required
`tokenBucket`	`TokenBucket`	The default token bucket configuration to use for rate limiting requests that are processed by this filter. Local rate limiter will first check the conditions, if a specific condition matches, then the token bucket within that condition will be applied to the incoming request. All the other requests that don’t match the conditions will be rate limited by the default token bucket. If the default token bucket is not specified, then the requests that don’t match the conditions will not be rate limited. At least one of token_bucket or conditions should have value.	No
`conditions`	`Condition[]`	The more specific rate limit conditions, the first match will be used.	No

GlobalRateLimit

GlobalRateLimit configures global rate limit service for MetaProtocol proxy

Field	Type	Description	Required
`match`	`MetaRouteMatch`	Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantic. If the match is not specified, then all the incoming requests will be considered matched.	Yes
`domain`	`string`	The rate limit domain to use when calling the rate limit service.	Yes
`requestTimeout`	`Duration`	The timeout in milliseconds for the rate limit service RPC. If not set, this defaults to 20ms.	No
`denyOnFail`	`bool`	The filter’s behavior in case the rate limiting service does not respond back. When it is set to true, Envoy will not allow traffic in case of communication failure between rate limiting service and the proxy.	No
`rateLimitService`	`string`	The cluster name of the external rate limit service provider.	Yes
`descriptors`	`Descriptor[]`	Defines what properties in the requests should be sent to the rate limit service	Yes

LocalRateLimit.TokenBucket

Configures a token bucket which is used for rate limiting.

Field	Type	Description	Required
`maxTokens`	`uint32`	The maximum tokens that the bucket can hold. This is also the number of tokens that the bucket initially contains. The value must be greater than 1.	No
`tokensPerFill`	`UInt32Value`	The number of tokens added to the bucket during each fill interval. The value must be greater than 1. If not specified, defaults to a single token.	No
`fillInterval`	`Duration`	The fill interval that tokens are added to the bucket. During each fill interval `tokens_per_fill` are added to the bucket. The bucket will never contain more than `max_tokens` tokens.	Yes

LocalRateLimit.Condition

Condition defines a rate limit policy for a more specific condition

Field	Type	Description	Required
`match`	`MetaRouteMatch`	Match conditions to be satisfied for the rate limit rule to be activated. All conditions inside a single match block have AND semantic. If the match is not specified, then all the incoming requests will be considered matched.	Yes
`tokenBucket`	`TokenBucket`	The token bucket for this particular condition	Yes

GlobalRateLimit.Descriptor

Descriptor defines the mapping between the property in the request and the descriptor key in the rate limit server configuration Normally the property is the same as the descriptor key, but adding a mapping layer allows more flexibility

Field	Type	Description	Required
`property`	`string`	The property extracted from the requests	Yes
`descriptorKey`	`string`	The corresponding descriptor key in the rate limit server configuration	Yes

google.protobuf.UInt32Value

Wrapper message for uint32.

The JSON representation for UInt32Value is JSON number.

Field	Type	Description	Required
`value`	`uint32`	The uint32 value.	No

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

最后修改 September 19, 2022: release 1.2.0 (433e12f)