Compilation results for ms-fe1009.eqiad.wmnet: System changes detected
You can retrieve this result from host.json.Catalog differences
Summary
| Total Resources: | 3370 |
|---|---|
| Resources added: | 3 |
| Resources removed: | 0 |
| Resources modified: | 5 |
| Change percentage: | 0.24% |
Resources only in the new catalog
- File[/etc/envoy/clusters.d/01-cluster_ratelimit.yaml]
- Envoyproxy::Conf[cluster_ratelimit]
- Envoyproxy::Cluster[cluster_ratelimit]
Resources modified
- File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]
- Content differences:
--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig +++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml @@ -41,7 +41,40 @@ retry_policy: num_retries: 1 retry_on: "5xx" + typed_per_filter_config: + envoy.filters.http.ratelimit.resp: + "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute + rate_limits: + - hits_addend: + format: "%BYTES_SENT%" + apply_on_stream_done: true + # NOTE: If one of the headers referenced below is not set, the rate limit is not applied. + actions: + # Provide the user's identity (x-client-ip is set at the edge) as the counter key + - request_headers: + descriptor_key: user_id + header_name: x-client-ip + # Hardcode the policy and user class for now + - generic_key: + descriptor_key: policy + descriptor_value: thumbnails + - generic_key: + descriptor_key: user_class + descriptor_value: anon http_filters: + - name: envoy.filters.http.ratelimit.resp + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit + domain: upload + request_type: both + stage: 0 + failure_type_deny: false # return 200 if rate limit service is unavailable + enable_x_ratelimit_headers: DRAFT_VERSION_03 + rate_limit_service: + transport_api_version: V3 + grpc_service: + envoy_grpc: + cluster_name: cluster_ratelimit - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- Content differences:
- Class[Profile::Tlsproxy::Envoy]
- Parameters differences:
--- Class[Profile::Tlsproxy::Envoy].orig +++ Class[Profile::Tlsproxy::Envoy] + rate_limit_config => {'address': 'ratelimit-media.svc.eqiad.wmnet', 'port': 8081, 'domain': 'upload'} + rate_limit_enabled => True- Envoyproxy::Tls_terminator[443]
- Parameters differences:
--- Envoyproxy::Tls_terminator[443].orig +++ Envoyproxy::Tls_terminator[443] - stek_files => [] - generate_request_id => True - global_certs => [{'cert_path': '/etc/envoy/ssl/discovery2026__swift_discovery_wmnet_server.chained.pem', 'key_path': '/etc/envoy/ssl/discovery2026__swift_discovery_wmnet_server-key.pem'}] - circuit_breakers_config => defaults + global_key_path => /etc/envoy/ssl/discovery2026__swift_discovery_wmnet_server-key.pem + rate_limit_config => {'address': 'ratelimit-media.svc.eqiad.wmnet', 'port': 8081, 'domain': 'upload'} + global_cert_path => /etc/envoy/ssl/discovery2026__swift_discovery_wmnet_server.chained.pem + rate_limit_enabled => True @@ - upstreams => [{'server_names': ['*'], 'certificates': None, 'upstream': {'port': 80, 'addr': '10.64.0.166'}}] + upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 80, 'upstream_addr': '10.64.0.166'}]- Envoyproxy::Conf[tls_terminator_443]
- Envoyproxy::Listener[tls_terminator_443]
Relevant files
- Envoyproxy::Conf[tls_terminator_443]
- Envoyproxy::Tls_terminator[443]
- Parameters differences: