Make default hitsAddend minimum value configurable #729
Conversation
gcalmettes
force-pushed
the
feat/configurable-base-hitsaddend
branch
2 times, most recently
from
c53c751 to
cf05af4
Compare
Signed-off-by: Guillaume Calmettes <[email protected]>
gcalmettes
force-pushed
the
feat/configurable-base-hitsaddend
branch
from
cf05af4 to
1a05a5a
Compare
|
@envoyproxy/ratelimit-maintainers @zirain I tried to ping |
|
I think @mattklein123 is the person, hope he have some free slot to review. |
|
Any chance you could take a look @mattklein123 ? Thanks a lot. |
|
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
|
commenting to prevent automatic closing by stale-bot |
| @@ -106,6 +106,7 @@ type Settings struct { | |||
| CacheKeyPrefix string `envconfig:"CACHE_KEY_PREFIX" default:""` | |||
| BackendType string `envconfig:"BACKEND_TYPE" default:"redis"` | |||
| StopCacheKeyIncrementWhenOverlimit bool `envconfig:"STOP_CACHE_KEY_INCREMENT_WHEN_OVERLIMIT" default:"false"` | |||
| HitsAddendMinValue uint32 `envconfig:"DEFAULT_HITS_ADDEND_MIN_VALUE" default:"1"` | |||
There was a problem hiding this comment.
can we do w/o this extra field ?
we'll need to make HitsAddend optional/ptr in the API https://github.com/envoyproxy/go-control-plane/blob/e0e383246f4cd59a40967987057c76f03526cffb/envoy/service/ratelimit/v3/rls.pb.go#L179
which may be a breaking change
cc @zirain @mathetake @wbpcode
There was a problem hiding this comment.
if this still defaults to 1 then i don't think this would be a breaking change in practice i guess? but ack we should need to allow zero in the API regardless
There was a problem hiding this comment.
@arkodg I confirm that this is not a breaking change and that the HitsAddendMinValue field introduced here is not needed in the RatelimitRequest request send to the ratelimit service.
This is only a config variable of the reatelimit service, with default value of 1 that matches the current hardcoded value of 1.
@mathetake there is no change to be done to the API, as zero is already a valid value for the HitsAddend value. In fact it is the default value when no custom HitsAddend value is set via the Set-Filter-State HTTP filter or directly in the RatelimitRequest and the actual +1 increment is enforced at the ratelimit service level (if the hitAddend value is set to zero in the request -- either voluntarily or because it is absent in the request-- the value is override to 1).
Currently, if someone uses the FilterState to enforce the hitsAddend value voluntarily to zero (we have a use case for that) or set the HitsAddend value to zero in the RatelimitRequest, then in practice the limit counter will still be incremented because of the max(request.HitsAddend, 1) check that is done, which is not expected.
What this PR does basically is just to allow to change this hardcoded 1 to any value >=0 (same constraints than the api, but still keeping 1 as default value to not change the actual behavior) to allow RatelimitRequests with zero increment.
There was a problem hiding this comment.
hey @gcalmettes, we understand the issue and our use case is the same as yours :)
I was questioning the current RLS API and the semantics defined in RateLimitRequest , since its not a pointer, there's no way to figure out unset (default:1 ) vs set to 0.
It maybe too late to edit that API, the easiest thing to do maybe is
- set the default value to
1in envoy ifHitsAddendis not set - update the code in this project to
max(request.HitsAddend, 0)simplifying the logic and maintaining backwards compatibility
wdyt @mathetake @wbpcode
There was a problem hiding this comment.
sounds like you had the same idea @mathetake #729 (comment)
|
What's is the behavior of zero hits_addend? I think we use 1 as check and CUSTOM_HITS_ADDEND -1 as report, but if 0 could aslo be used as check, maybe it's simpler. cc @mathetake cc @arkodg |
|
/wait |
|
So currently, RateLimitRequest API assumes that null (== zero in Go level) addend should be interpreted as 1:
so if we change the default value to whatever number to non one, then RSL doesn't comply with the API comment in other words. In fact, Envoy's current implementation relies on the fact that " But I think we could make changes to Envoy as well that
wdyt |
|
Change the exist behavior is not recommended. I would suggest to use per-descriptor The |
sounds good, is that the feature-to-be-added in envoyproxy/envoy#37567? I think then the per-descriptor addend combined with this configuration makes our life easier |
Yeah. The #37567 is the first PR to add API and local rate limit implementation. Then I will add a PR to support it for global ratelimit. At that PR is #37567 is merged, we can do the per-descriptor support the |
fix: #730
In the current implementation of the
ratelimitservice, thehitsAddendvalue that is associated with each request is set to a minimum of1.This is done to ensure that if the
RateLimitrequest does not specify anyrequest.hitsAddend(like what the envoy ratelimit filter does by default if no envoy.ratelimit.hits_addend has been defined), the hit is still counted.This minimum
hitsAddendof1is enforced via aMax(1, <hitsAddend from request>)function.This PR adds the possibility to configure the minimum value of the
hitsAddendvia a settings, so0can also be used as minimumhitsAddendvalue if needed. The current behavior of1being the default value is preserved, and if the environment variable is not set, then a value of1is applied, like currently.The ability to configure a minimum
hitsAddendto zero can help for example for the following use cases:RateLimitRequestto check the current remaining rates without consuming a quota (e.g.: Add a way to check rate limits without using quota #244)1value to the real weight defined ashitsAddend.