Open
Description
I have asked this question at stackoverflow but posting here again because did not receive any response.
I have implemented an envoy filter that aims to limit layer size for upload to a registry (CNCF), I cannot use the pre-exisiting max_request_body_bytes filter because the size limit is huge and I do not want to buffer the whole request. I have come up with the following approach but it doesnt seem to work, docker push ends up pushing bigger layers than is permitted by the filter.
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.lua
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
default_source_code:
inline_string: |
function envoy_on_request(request_handle)
local max_bytes = 10 * 1024 * 1024 #10MB for testing purpose would be >10GB in actual.
local total = 0
for chunk in request_handle:bodyChunks() do
total = total + chunk:length()
if total > max_bytes then
request_handle:respond(
{ [":status"] = 413,
["content-type"] = "application/json"},
"{\"errors\":[{\"code\":\"TOOBIG\",\"message\":\"Layer exceeds maximum allowed size\"}]}"
)
return
end
end
end
The logs show the following error:
error envoy lua external/envoy/source/extensions/filters/common/lua/lua.cc:32 script log: [string "function envoy_on_request(request_handle)..."]:7: respond() cannot be called if headers have been continued thread=23
Is my approach correct, is there some other way I should be using to restrict the size of uploads?