question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request with "x-ambassador-test-allow: probably" is 200 OK

See original GitHub issue

Describe the bug I followed the rate limiting tutorial using minikube, but I don’t see 429 status codes as expected:

$ curl -i -H "x-ambassador-test-allow: probably" $AMBASSADORURL/qotm/quote/1
HTTP/1.1 200 OK
content-type: application/json
content-length: 147
server: envoy
date: Thu, 24 Jan 2019 09:30:47 GMT
x-envoy-upstream-service-time: 65

{"hostname":"qotm-7c6cccd985-4s8kg","ok":true,"quote":"A late night does not make any sense.","time":"2019-01-24T09:30:47.705604","version":"1.3"}

To Reproduce Create a new Kubernetes cluster and install Ambassador quay.io/datawire/ambassador:0.50.0-rc5.

$ minikube delete
$ minikube start
Starting local Kubernetes v1.13.2 cluster...
$ kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-rbac.yaml
$ kubectl apply -f - <<<'
apiVersion: v1
kind: Service
metadata:
  name: ambassador
spec:
  selector:
    service: ambassador
  type: NodePort
  ports:
    - port: 80
  # Propagate the original source IP of the client.
  externalTrafficPolicy: Local
'
$ AMBASSADORURL=$(minikube service --url ambassador)

Then deploy a qotm service:

$ kubectl apply -f - <<<'
---
apiVersion: v1
kind: Service
metadata:
  name: qotm
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  qotm_mapping
      prefix: /qotm/
      service: qotm
spec:
  selector:
    app: qotm
  ports:
  - port: 80
    name: http-qotm
    targetPort: http-api
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: qotm
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: qotm
    spec:
      containers:
      - name: qotm
        image: datawire/qotm:1.2
        ports:
        - name: http-api
          containerPort: 5000
        readinessProbe:
          httpGet:
            path: /health
            port: 5000
          initialDelaySeconds: 30
          periodSeconds: 3
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi
'

and ratelimit service:

$ kubectl apply -f - <<<'
---
apiVersion: v1
kind: Service
metadata:
  name: example-rate-limit
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: RateLimitService
      name: ratelimit
      service: "example-rate-limit:5000"
spec:
  type: ClusterIP
  selector:
    app: example-rate-limit
  ports:
  - port: 5000
    name: http-example-rate-limit
    targetPort: http-api
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example-rate-limit
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: example-rate-limit
    spec:
      containers:
      - name: example-rate-limit
        image: agervais/ambassador-ratelimit-service:1.0.0
        imagePullPolicy: Always
        ports:
        - name: http-api
          containerPort: 5000
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi
'

Finally, add rate_limits to qotm service:

$ kubectl apply -f - <<<'
---
apiVersion: v1
kind: Service
metadata:
  name: qotm
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: Mapping
      name: qotm_mapping
      prefix: /qotm/
      service: qotm
      rate_limits:
        - descriptor: A test case
          headers:
            - "x-ambassador-test-allow"
spec:
  type: ClusterIP
  selector:
    app: qotm
  ports:
  - port: 80
    name: http-qotm
    targetPort: http-api
'

Expected behavior I expect 429 status code as described in the tutorial.

Versions (please complete the following information):

  • Ambassador: 0.50.0-rc5
  • Kubernetes environment: Minikube v0.33.1
  • Version: v1.13.2

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:16 (2 by maintainers)

github_iconTop GitHub Comments

5reactions
attilaersekcommented, Aug 18, 2021

Can you reopen this issue as the rate limiting is still not working with the latest 2.0 dev version.

1reaction
travisfinchcommented, Mar 22, 2019

Maybe another idea…

Per https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/filter/http/rate_limit/v2/rate_limit.proto a “rate_limit_service” needs to be defined for the HTTP filter chain. If not specified, any calls to the rate limit service will immediately return success. On my Ambassador 0.52 from the envoy config in the container it is not there:

                                    {                                                                                                                                                                 
                                        "config": {                                                                                                                                                   
                                            "domain": "ambassador",                                                                                                                                   
                                            "request_type": "both",                                                                                                                                   
                                            "timeout": "0.020s"                                                                                                                                       
                                        },                                                                                                                                                            
                                        "name": "envoy.rate_limit"                                                                                                                                    
                                    },  

It looks like older versions of Envoy did not require this: https://www.envoyproxy.io/docs/envoy/v1.8.0/api-v2/config/filter/http/rate_limit/v2/rate_limit.proto

Read more comments on GitHub >

github_iconTop Results From Across the Web

Request with "x-ambassador-test-allow: probably" is 200 OK
Describe the bug I followed the rate limiting tutorial using minikube, but I don't see 429 status codes as expected: $ curl -i...
Read more >
python requests: how to check for "200 OK" - Stack Overflow
What is the easiest way to check whether the response received from a requests post was "200 OK" or an error has occurred?...
Read more >
rate limiting - marselester's blog
API gateway acts as a reverse proxy, routing API requests from clients to services. ... probably" -i -u bob:bob $AMBASSADORURL/v1/hotels HTTP/1.1 200 OK....
Read more >
HTTP Status Code 200: What Is the 200 "OK" Response?
Here's a simple guide to HTTP status code 200 - the "OK" response. ... status code 200 means success. The client has requested...
Read more >
HTTP Status Code 200: What Is an HTTP 200 Response Code?
If you're trying to figure out what the HTTP status code 200 error " OK " is, this is the video for you....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found