Hide rate limit (istio#221)

Hide rate limit from ingress docs

tsb/gateway/v2/ingress_gateway.pb.html

@@ -4,12 +4,12 @@
 location: https://tetrate.io/docs/reference/config/gateway/v2/ingress-gateway.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-number_of_entries: 31
+number_of_entries: 29
 ---
 <p><code>IngressGateway</code> configures a workload to act as a gateway for
 traffic entering the mesh. The ingress gateway also provides basic
-API gateway functionalities such as JWT token validation, rate
-limiting, and request authorization. Gateways in privileged
+API gateway functionalities such as JWT token validation
+and request authorization. Gateways in privileged
 workspaces can route to services outside the workspace while those
 in unprivileged workspaces can only route to services inside the
 workspace.</p>
@@ -21,10 +21,8 @@
 <code>bookinfo-certs</code>. Clients are authenticated using JWT tokens, whose
 keys are obtained from the OIDC provider <code>www.googleapis.com</code>. The
 request is then authorized by an the user&rsquo;s authorization engine
-hosted at <code>https://internal.example.com</code>. They are then rate
-limited based on the remote address of the client and the x-user-id
-header value before being forwarded to the <code>productpage</code> service in
-the backend.</p>
+hosted at <code>https://company.com/authz</code> before being forwarded to
+the <code>productpage</code> service in the backend.</p>
 
 <pre><code class="language-yaml">apiVersion: gateway.tsb.tetrate.io/v2
 kind: IngressGateway
@@ -55,15 +53,6 @@
         uri: https://company.com/authz
         includeRequestHeaders:
         - Authorization # forwards the header to the authorization service.
-    rateLimiting:
-      domain: abc
-      failOpen: false
-      rateLimitServerUri: grpcs://company.com/ratelimitapi
-      actions:
-      - remoteAddress
-      - requestHeaders:
-          headerName: x-user-id
-          descriptorKey: userid
     routing:
       rules:
       - route:
@@ -258,17 +247,6 @@ <h2 id="HttpServer">HttpServer</h2>
 Yes
 </td>
 </tr>
-<tr id="HttpServer-rate_limiting">
-<td><code>rateLimiting</code></td>
-<td><code><a href="#RateLimiting">RateLimiting</a></code></td>
-<td>
-<p>Configuration for rate limiting requests.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
 </tbody>
 </table>
 </section>
@@ -932,160 +910,6 @@ <h2 id="Subject">Subject</h2>
 <td>
 <p>JWT configuration to identity the subject.</p>
 
-</td>
-<td>
-No
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="RateLimiting">RateLimiting</h2>
-<section>
-<p>RateLimiting</p>
-
-<p>HTTP/gRPC requests can be rate limited based on a variety of
-attributes in the request such as headers (including cookies), URL
-path/prefixes, etc. The rate limit backend must expose Envoy&rsquo;s Rate
-Limit Service gRPC API
-(https://www.envoyproxy.io/docs/envoy/latest/configuration/other<em>features/rate</em>limit#config-rate-limit-service).</p>
-
-<p>If the rate limit service is called, and the response for any of
-the descriptors is over limit, a 429 response is returned. The rate
-limit filter also sets the x-envoy-ratelimited header.</p>
-
-<p>If there is an error in calling rate limit service or rate limit
-service returns an error and failure<em>mode</em>deny is set to true, a
-500 response is returned.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-<th>Required</th>
-</tr>
-</thead>
-<tbody>
-<tr id="RateLimiting-domain">
-<td><code>domain</code></td>
-<td><code>string</code></td>
-<td>
-<p>The rate limit domain to use when calling the rate limit service.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimiting-fail_open">
-<td><code>failOpen</code></td>
-<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">BoolValue</a></code></td>
-<td>
-<p>If the rate limit service is unavailable, the request will fail
-if failOpen is set to false. Defaults to true.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimiting-rate_limit_server_uri">
-<td><code>rateLimitServerUri</code></td>
-<td><code>string</code></td>
-<td>
-<p>The URI at which the rate limit server can be reached.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimiting-actions">
-<td><code>actions</code></td>
-<td><code><a href="#RateLimitAction">RateLimitAction[]</a></code></td>
-<td>
-<p>A set of rate limit actions to perform for traffic to this server.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="RateLimitAction">RateLimitAction</h2>
-<section>
-<p>RateLimitAction</p>
-
-<p>RateLimitAction is a set of conditions to match HTTP requests
-that should be rate limited, and emit a set of keys and values that
-will then be passed on to the rate limit server.  The server is
-expected to make a rate limit decision based on these keys and
-values.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-<th>Required</th>
-</tr>
-</thead>
-<tbody>
-<tr id="RateLimitAction-source_cluster" class="oneof oneof-start">
-<td><code>sourceCluster</code></td>
-<td><code><a href="#RateLimitAction-SourceCluster">SourceCluster (oneof)</a></code></td>
-<td>
-<p>Rate limit on source envoy cluster.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimitAction-destination_cluster" class="oneof">
-<td><code>destinationCluster</code></td>
-<td><code><a href="#RateLimitAction-DestinationCluster">DestinationCluster (oneof)</a></code></td>
-<td>
-<p>Rate limit on destination envoy cluster.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimitAction-remote_address" class="oneof">
-<td><code>remoteAddress</code></td>
-<td><code><a href="#RateLimitAction-RemoteAddress">RemoteAddress (oneof)</a></code></td>
-<td>
-<p>Rate limit on remote address of client.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimitAction-request_headers" class="oneof">
-<td><code>requestHeaders</code></td>
-<td><code><a href="#RateLimitAction-RequestHeaders">RequestHeaders (oneof)</a></code></td>
-<td>
-<p>Rate limit on the value of certain request headers.</p>
-
-</td>
-<td>
-No
-</td>
-</tr>
-<tr id="RateLimitAction-header_value_match" class="oneof">
-<td><code>headerValueMatch</code></td>
-<td><code><a href="#RateLimitAction-HeaderValueMatch">HeaderValueMatch (oneof)</a></code></td>
-<td>
-<p>Rate limit on the existence of certain request headers.</p>
-
 </td>
 <td>
 No

tsb/gateway/v2/ingress_gateway.proto

@@ -8,8 +8,8 @@ syntax = "proto3";
 
 // `IngressGateway` configures a workload to act as a gateway for
 // traffic entering the mesh. The ingress gateway also provides basic
-// API gateway functionalities such as JWT token validation, rate
-// limiting, and request authorization. Gateways in privileged
+// API gateway functionalities such as JWT token validation 
+// and request authorization. Gateways in privileged
 // workspaces can route to services outside the workspace while those
 // in unprivileged workspaces can only route to services inside the
 // workspace.
@@ -21,10 +21,8 @@ syntax = "proto3";
 // `bookinfo-certs`. Clients are authenticated using JWT tokens, whose
 // keys are obtained from the OIDC provider `www.googleapis.com`. The
 // request is then authorized by an the user's authorization engine
-// hosted at `https://internal.example.com`. They are then rate
-// limited based on the remote address of the client and the x-user-id
-// header value before being forwarded to the `productpage` service in
-// the backend.
+// hosted at `https://company.com/authz` before being forwarded to 
+// the `productpage` service in the backend.
 //
 // ```yaml
 // apiVersion: gateway.tsb.tetrate.io/v2
@@ -56,15 +54,6 @@ syntax = "proto3";
 //         uri: https://company.com/authz
 //         includeRequestHeaders:
 //         - Authorization # forwards the header to the authorization service.
-//     rateLimiting:
-//       domain: abc
-//       failOpen: false
-//       rateLimitServerUri: grpcs://company.com/ratelimitapi
-//       actions:
-//       - remoteAddress
-//       - requestHeaders:
-//           headerName: x-user-id
-//           descriptorKey: userid
 //     routing:
 //       rules:
 //       - route:
@@ -138,6 +127,7 @@ message HttpServer {
   // Routing rules associated with HTTP traffic to this service.
   HttpRouting routing = 7 [(google.api.field_behavior) = REQUIRED, (validate.rules).message.required = true];
 
+  // $hide_from_docs
   // Configuration for rate limiting requests.
   RateLimiting rate_limiting = 8;
 };
@@ -419,6 +409,7 @@ message Subject {
   JWTClaims jwt = 1;
 }
 
+// $hide_from_docs
 // RateLimiting
 //
 // HTTP/gRPC requests can be rate limited based on a variety of
@@ -450,6 +441,7 @@ message RateLimiting {
 }
 
 
+// $hide_from_docs
 // RateLimitAction
 //
 // RateLimitAction is a set of conditions to match HTTP requests