apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: filter-local-ratelimit-svc-sa spec: configPatches: - applyTo: HTTP_ROUTE match: context: SIDECAR_INBOUND routeConfiguration: vhost: name: "inbound|http|80" patch: operation: MERGE value: route: rate_limits: - actions: - request_headers: header_name: ":path" descriptor_key: "pathx" - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND patch: operation: INSERT_BEFORE value: name: envoy.filters.http.local_ratelimit typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit value: stat_prefix: http_local_rate_limiter token_bucket: max_tokens: 1000 tokens_per_fill: 1000 fill_interval: 1s filter_enabled: runtime_key: local_rate_limit_enabled default_value: numerator: 100 denominator: HUNDRED filter_enforced: runtime_key: local_rate_limit_enforced default_value: numerator: 100 denominator: HUNDRED response_headers_to_add: - append: true header: key: x-local-rate-limit value: 'true' descriptors: - entries: - key: pathx value: "/foo" token_bucket: max_tokens: 1 tokens_per_fill: 1 fill_interval: 60s workloadSelector: labels: app: nginx