Thrift rate limiting with Envoy and Istio

Question (votes: 0, answers: 1)

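I am trying to add very basic rls [1] support to Istio for the Thrift protocol stack [2] by allowing users to provide an external rate limit service [3] to Pilot as an environment variable. I have run into a problem where the configuration seems to be rejected by the client.

Here is an isolated and simplified version of my Istio control plane code: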

import (
    "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
    "istio.io/istio/pilot/pkg/model"
    "istio.io/istio/pilot/pkg/networking/util"
    ratelimit "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v2"
    thrift_proxy "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/thrift_proxy/v2alpha1"
    thrift_ratelimit "github.com/envoyproxy/go-control-plane/envoy/config/filter/thrift/rate_limit/v2alpha1"
)

// thriftListenerOpts are options for a Thrift listener
type thriftListenerOpts struct {
    // stat prefix for the thrift connection manager
    // DO not set this field. Will be overridden by buildCompleteFilterChain
    statPrefix  string
    transport   int
    protocol    int
    routeConfig *thrift_proxy.RouteConfiguration
}

func buildRatelimtedThriftProxy(node *model.Proxy, thriftOpts *thriftListenerOpts, ratelimitServiceUri string) *thrift_proxy.ThriftProxy {
    var ratelimitService *thrift_ratelimit.RateLimit
    var ratelimitFilter  *thrift_proxy.ThriftFilter
    var proxy *thrift_proxy.ThriftProxy

    proxy = &thrift_proxy.ThriftProxy{
        StatPrefix:  thriftOpts.statPrefix,
        Transport:   thrift_proxy.HEADER,
        Protocol:    thrift_proxy.BINARY,
        RouteConfig: thriftOpts.routeConfig,
    }

    ratelimitFilter = &thrift_proxy.ThriftFilter{
        Name: "config.filter.thrift.rate_limit.v2alpha1.RateLimit",
    }

    ratelimitService = &thrift_ratelimit.RateLimit{
        RateLimitService: &ratelimit.RateLimitServiceConfig{
            GrpcService: &core.GrpcService{
                TargetSpecifier: &core.GrpcService_GoogleGrpc_{
                    GoogleGrpc: &core.GrpcService_GoogleGrpc{
                        TargetUri: ratelimitServiceUri,
                    },
                },
            },
        },
    }

    if util.IsXDSMarshalingToAnyEnabled(node) {
        ratelimitFilter.ConfigType = &thrift_proxy.ThriftFilter_TypedConfig{TypedConfig: util.MessageToAny(ratelimitService)}
    } else {
        ratelimitFilter.ConfigType = &thrift_proxy.ThriftFilter_Config{Config: util.MessageToStruct(ratelimitService)}
    }

    proxy.ThriftFilters = append(proxy.ThriftFilters, ratelimitFilter)

    return proxy
}

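When I inspect the /config_dump endpoint of Envoy's admin interface without supplying a rate limit configuration, it shows that the proxy is present and configured correctly. As soon as I try to add the ratelimit configuration, it disappears entirely.

What am I doing wrong?

  1. Source code defining the Thrift rate limit API: https://github.com/envoyproxy/envoy/blob/master/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto#L9
  2. See the official documentation here: https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto
  3. Reference implementation here: https://github.com/lyft/ratelimit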
thrift istio envoyproxy
1 Answer
0 votes

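It turned out that my GrpcService configuration was incorrect. It was missing the StatPrefix field. I was able to figure this out by looking at the Envoy logs. I can also check for this in my code by running ratelimitService.Validate(), which validates recursively.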
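The check the answer describes, as an added Go example (not the asker's or Istio's code): local stand-in structs replace the go-control-plane types so it runs without dependencies, and only the non-empty StatPrefix rule named in the answer is modelled. `buildRateLimit`, the host name and the stat prefix value are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for the go-control-plane messages in the question (assumed shapes,
// not the generated types); only the StatPrefix rule from the answer is modelled.
type GoogleGrpc struct{ TargetUri, StatPrefix string }
type GrpcService struct{ GoogleGrpc *GoogleGrpc }
type RateLimitServiceConfig struct{ GrpcService *GrpcService }
type RateLimit struct{ RateLimitService *RateLimitServiceConfig }

// Validate walks the nested config as a recursive validator would and names
// the first offending field by its full path.
func (r *RateLimit) Validate() error {
	const path = "RateLimit.RateLimitService"
	switch {
	case r == nil || r.RateLimitService == nil:
		return errors.New(path + ": value is required")
	case r.RateLimitService.GrpcService == nil:
		return errors.New(path + ".GrpcService: value is required")
	case r.RateLimitService.GrpcService.GoogleGrpc == nil:
		return errors.New(path + ".GrpcService.GoogleGrpc: value is required")
	case r.RateLimitService.GrpcService.GoogleGrpc.StatPrefix == "":
		return errors.New(path + ".GrpcService.GoogleGrpc.StatPrefix: must not be empty")
	}
	return nil
}

// buildRateLimit (hypothetical helper) refuses to hand on an invalid config, so
// the error shows up in the control plane, not as a gap in /config_dump.
func buildRateLimit(targetURI, statPrefix string) (*RateLimit, error) {
	cfg := &RateLimit{RateLimitService: &RateLimitServiceConfig{
		GrpcService: &GrpcService{GoogleGrpc: &GoogleGrpc{TargetUri: targetURI, StatPrefix: statPrefix}},
	}}
	if err := cfg.Validate(); err != nil {
		return nil, fmt.Errorf("rate limit filter rejected: %w", err)
	}
	return cfg, nil
}

func main() {
	_, err := buildRateLimit("ratelimit.example.internal:8081", "") // constructed URI
	fmt.Println(err)
	cfg, _ := buildRateLimit("ratelimit.example.internal:8081", "thrift_ratelimit")
	fmt.Println(cfg.RateLimitService.GrpcService.GoogleGrpc.StatPrefix)
}
```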
