Conversation
Prove native per-API-key request + generation-token enforcement on the AI gateway via Envoy Gateway global/cost-based rate limiting, no proxy code. - Enable EG global rate-limit service pointed at an in-cluster Redis (config.envoyGateway.rateLimit.backend). - Deploy an ephemeral Redis (no persistence/HA; RL-2 decides posture). - Add a per-key BackendTrafficPolicy (request count + token budget charged from io.envoy.ai_gateway:llm_output_token, keyed on x-api-key-id). It renders only when a real key is supplied, so deploying readies infra and enforces nothing by default. Token cost metadata and the x-api-key-id header already exist; this only adds the Redis backend and policy. Runbook in docs/rate-limit-spike.md.
Per-API-key request + token-budget enforcement verified end-to-end on app-dev (EG v1.7.1) with no auth/proxy code: 200,200,429,429,429,200 under a 5 req/min + 100 token/min policy, response_flags=RL, Redis-backed counters. Corrects the identifier conclusion: x-api-key-id is the OpenBao DisplayName AIWB mints as token-<namespace>-<apikeyname>, globally unique per key, so per-key limiting works out of the box. Captures carry-forward findings (fixed windows, overshoot-by-one, bare 429, fail-open only in v1.7.1).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Spike scaffolding (RL-1) to prove native, per-API-key request + generation-token enforcement on the AI gateway using Envoy Gateway global / cost-based rate limiting backed by Redis. No proxy or upstream code.
Changes
root/values.yaml(config.envoyGateway.rateLimit.backend)sources/envoy-gateway-config/templates/ratelimit-redis.yamlBackendTrafficPolicy(request count + token budget)sources/envoy-gateway-config/templates/backend-traffic-policy-ratelimit.yamlsources/envoy-gateway-config/values.yaml(rateLimit.*)docs/rate-limit-spike.mdSafe by default
rateLimit.enabled: true→ deploys Redis + the rate-limit service.rateLimit.policy.enabled: false→ the per-key policy does not render until a real key is supplied.So merging/deploying this readies the infra and enforces nothing — zero impact on inference until we plug in a key and flip the policy on.
Builds on what's already live
io.envoy.ai_gateway:llm_output_tokenviaAIGatewayRoute.spec.llmRequestCosts(ai-gateway-discovery).x-api-key-idis injected by cluster-auth ext_authz.The policy keys on exactly those — this PR only adds the Redis backend + policy.
Known risk to verify on cluster
The rate-limit filter must run after ext_authz or
x-api-key-idis absent at limiting time. The ai-gateway EnvoyProxy already orderslua before ext_authz; live filter-chain ordering will be confirmed before enabling the policy (Step 2 in the runbook).Test plan
See
docs/rate-limit-spike.md. Once deployed to app-dev with a real key:Follow-ups (RL-2+)
Redis HA/persistence posture, windows offered (min/hour/day), confirm "generation tokens" =
llm_output_tokenvs total, narrowtargetRefto per-service HTTPRoute (or addx-aim-service-idselector) for per-inference-service limits.