From 60d458f7b9c284f72a645ff6fe187111ce36d301 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Sun, 22 Feb 2026 11:59:25 -0800 Subject: [PATCH 1/8] Add Observability Metrics --- .../terraform/envoy-ratelimiter/README.md | 54 ++++++++- .../terraform/envoy-ratelimiter/deploy.sh | 39 +++++++ .../envoy-ratelimiter/prerequisites.tf | 1 + .../terraform/envoy-ratelimiter/ratelimit.tf | 108 +++++++++--------- .../terraform/envoy-ratelimiter/variables.tf | 2 +- 5 files changed, 144 insertions(+), 60 deletions(-) create mode 100755 examples/terraform/envoy-ratelimiter/deploy.sh diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index bb974873591d..aeabe9ac4f36 100644 --- a/examples/terraform/envoy-ratelimiter/README.md +++ b/examples/terraform/envoy-ratelimiter/README.md @@ -82,7 +82,7 @@ cluster_name = "ratelimit-cluster" # Name of the GKE cluster deletion_protection = true # Prevent accidental cluster deletion (set "true" for prod) control_plane_cidr = "172.16.0.0/28" # CIDR for GKE control plane (must not overlap with subnet) namespace = "envoy-ratelimiter" # Kubernetes namespace for deployment -enable_metrics = false # Deploy statsd-exporter sidecar +enable_metrics = true # Enable metrics export to Google Cloud Monitoring ratelimit_replicas = 1 # Initial number of Rate Limit pods min_replicas = 1 # Minimum HPA replicas max_replicas = 5 # Maximum HPA replicas @@ -115,10 +115,21 @@ EOF terraform init ``` -2. Plan and apply the changes: +2. **Deploy (Recommended)**: +Run the helper script to handle the +deployment process automatically: ```bash -terraform plan -out=tfplan -terraform apply tfplan +./deploy.sh +``` + +3. **Deploy (Manual Alternative)**: +If you prefer running Terraform manually, you must apply in two steps: +```bash +# Step 1: Create Cluster +terraform apply -target=time_sleep.wait_for_cluster + +# Step 2: Create Resources +terraform apply ``` 3. Connect to the service: 
@@ -150,11 +161,44 @@ The service is accessible **only from within the VPC** (e.g., via Dataflow worke ``` +# Observability & Metrics: +This module supports native Prometheus metrics export to **Google Cloud Managed Prometheus**. + +### Enabling Metrics + `enable_metrics` is set to `true` by default. + +### Available Metrics +Once enabled, the Envoy Rate Limiter exports metrics to Google Cloud Monitoring. You can view them in **Metrics Explorer** by searching for `ratelimit`. + +### Sample Metrics +| Metric Name | Description | +| :--- | :--- | +| `ratelimit_service_rate_limit_total_hits` | Total rate limit requests received. | +| `ratelimit_service_rate_limit_over_limit` | Requests that exceeded the limit (HTTP 429). | +| `ratelimit_service_rate_limit_near_limit` | Requests that are approaching the limit. | +| `ratelimit_service_call_should_rate_limit` | Total valid gRPC calls to the service. | + +*Note: You will also see many other Go runtime metrics (`go_*`) and Redis client metrics (`redis_*`).* + +### Viewing in Google Cloud Console +1. Go to **Monitoring** > **Metrics Explorer**. +2. Click **Select a metric**. +3. Search for `ratelimit` and select **Prometheus Target** > **ratelimit**. +4. Select a metric (e.g., `ratelimit_service_rate_limit_over_limit`) and click **Apply**. +5. Use **Filters** to drill down by `domain`, `key`, or `value` (e.g., `key=database`, `value=users`). + # Clean up resources: To destroy the cluster and all created resources: + +```bash +./deploy.sh destroy +``` + +Alternatively: ```bash terraform destroy ``` + *Note: If `deletion_protection` was enabled, you must set it to `false` in `terraform.tfvars` before destroying.* # Variables description: 
@@ -169,7 +213,7 @@ terraform destroy |control_plane_cidr |CIDR block for GKE control plane |172.16.0.0/28 | |cluster_name |Name of the GKE cluster |ratelimit-cluster | |namespace |Kubernetes namespace to deploy resources into |envoy-ratelimiter | -|enable_metrics |Deploy statsd-exporter sidecar |false | +|enable_metrics |Enable metrics export to Google Cloud Monitoring |true | |deletion_protection |Prevent accidental cluster deletion |false | |ratelimit_replicas |Initial number of Rate Limit pods |1 | |min_replicas |Minimum HPA replicas |1 | diff --git a/examples/terraform/envoy-ratelimiter/deploy.sh b/examples/terraform/envoy-ratelimiter/deploy.sh new file mode 100755 index 000000000000..ee83a0acfe27 --- /dev/null +++ b/examples/terraform/envoy-ratelimiter/deploy.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash +set -e + +COMMAND=${1:-"apply"} + +if [ "$COMMAND" = "destroy" ]; then + echo "Destroying Envoy Rate Limiter Resources..." + echo "Note: If 'deletion_protection = true', this will fail for the cluster." + terraform destroy + exit $? +fi + +if [ "$COMMAND" = "apply" ]; then + echo "Deploying Envoy Rate Limiter..." + + echo "--------------------------------------------------" + echo "Step 1: Creating GKE Cluster..." + echo "--------------------------------------------------" + # Deploy the cluster in step-1 before deploying the application resources. + terraform apply -target=time_sleep.wait_for_cluster -auto-approve + + echo "" + echo "--------------------------------------------------" + echo "Step 2: Deploying Application Resources..." + echo "--------------------------------------------------" + # Deploy the application resources in step-2. + terraform apply -auto-approve + + echo "" + echo "Deployment Complete!" + echo "Cluster Name: $(terraform output -raw cluster_name)" + echo "Load Balancer IP: $(terraform output -raw load_balancer_ip)" + exit 0 +fi + +echo "Detailed Usage:" +echo " ./deploy.sh [apply] # Deploy resources (Default)" +echo " ./deploy.sh destroy # Destroy resources" +exit 1 diff --git a/examples/terraform/envoy-ratelimiter/prerequisites.tf b/examples/terraform/envoy-ratelimiter/prerequisites.tf index 41151fae91cc..44f321457a27 100644 --- a/examples/terraform/envoy-ratelimiter/prerequisites.tf +++ b/examples/terraform/envoy-ratelimiter/prerequisites.tf @@ -21,6 +21,7 @@ resource "google_project_service" "required" { "container", "iam", "compute", + "monitoring", ]) service = "${each.key}.googleapis.com" diff --git a/examples/terraform/envoy-ratelimiter/ratelimit.tf b/examples/terraform/envoy-ratelimiter/ratelimit.tf index c95e48927cb7..21235680d8e7 100644 --- a/examples/terraform/envoy-ratelimiter/ratelimit.tf +++ b/examples/terraform/envoy-ratelimiter/ratelimit.tf 
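Review bot: Both `terraform apply` calls in the new `deploy.sh` (`@@ -0,0 +1,39 @@`) pass `-auto-approve`, so the cluster and every later change are applied without anyone seeing the plan. The README steps this script replaces ran `terraform plan -out=tfplan` and applied that file. I would keep approval interactive by default and make the unattended mode an explicit opt-in, e.g. `APPROVE=${AUTO_APPROVE:+-auto-approve}` followed by `terraform apply $APPROVE`. The PATCH 3/8 hunk on this file adds the same flag to `terraform destroy`, where it removes the only confirmation before the cluster is deleted; the same opt-in should cover that call.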
@@ -158,11 +158,30 @@ resource "kubernetes_deployment" "ratelimit" { port { container_port = 6070 } + dynamic "port" { + for_each = var.enable_metrics ? [1] : [] + content { + name = "metrics" + container_port = 9090 + } + } env { - name = "USE_STATSD" + name = "USE_PROMETHEUS" value = var.enable_metrics ? "true" : "false" } + env { + name = "PROMETHEUS_ADDR" + value = ":9090" + } + env { + name = "PROMETHEUS_PATH" + value = "/metrics" + } + env { + name = "USE_STATSD" + value = "false" + } env { name = "DISABLE_STATS" value = var.enable_metrics ? "false" : "true" @@ -203,14 +222,6 @@ resource "kubernetes_deployment" "ratelimit" { name = "CONFIG_TYPE" value = "FILE" } - env { - name = "STATSD_HOST" - value = "localhost" - } - env { - name = "STATSD_PORT" - value = "9125" - } env { name = "GRPC_MAX_CONNECTION_AGE" value = var.ratelimit_grpc_max_connection_age @@ -231,41 +242,7 @@ resource "kubernetes_deployment" "ratelimit" { } } - dynamic "container" { - for_each = var.enable_metrics ? [1] : [] - content { - name = "statsd-exporter" - image = var.statsd_exporter_image - args = ["--log.format=json"] - - dynamic "port" { - for_each = var.enable_metrics ? [1] : [] - content { - name = "metrics" - container_port = 9102 - } - } - dynamic "port" { - for_each = var.enable_metrics ? [1] : [] - content { - name = "statsd-udp" - container_port = 9125 - protocol = "UDP" - } - } - # statsd-exporter does not use much resources, so setting resources to the minimum - resources { - requests = { - cpu = "50m" - memory = "64Mi" - } - limits = { - cpu = "100m" - memory = "128Mi" - } - } - } - } + volume { name = "config-volume" @@ -361,8 +338,8 @@ resource "kubernetes_service" "ratelimit" { for_each = var.enable_metrics ? [1] : [] content { name = "metrics" - port = 9102 - target_port = 9102 + port = 9090 + target_port = 9090 } } } 
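Review bot: `PROMETHEUS_ADDR = ":9090"` in the first `ratelimit.tf` hunk (`@@ -158,11 +158,30 @@`) binds the metrics listener on every pod interface, and nothing in this patch limits which workloads may connect to it. The README added in the same commit says the series can be filtered by `domain`, `key` and `value`, so descriptor values are readable by anything that can reach the port; whether the endpoint has any authentication is not visible here, and I am assuming it has none. I would record that next to the port block, `# Metrics listener is unauthenticated; restrict ingress on 9090 to the monitoring collectors (NetworkPolicy).`, and keep user-identifying values out of descriptors. The `kubernetes_deployment` body continues outside the hunk.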
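Review bot: The `metrics` port kept on `kubernetes_service.ratelimit` (`@@ -361,8 +338,8 @@`, now `port = 9090`) looks unnecessary after this change, because the `PodMonitoring` resource added later in this file selects pods by the `app = "ratelimit"` label and refers to the container port by name. Unless another consumer reads metrics through the Service, removing this `dynamic "port"` block keeps the endpoint off the Service, as the commit already does for `ratelimit_external`. The resource body starts and ends outside the hunk.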
@@ -398,15 +375,38 @@ resource "kubernetes_service" "ratelimit_external" { port = 6070 target_port = 6070 } - dynamic "port" { - for_each = var.enable_metrics ? [1] : [] - content { - name = "metrics" - port = 9102 - target_port = 9102 - } - } + } depends_on = [kubernetes_namespace.ratelimit_namespace] } + +# Pod Monitoring +resource "kubernetes_manifest" "ratelimit_pod_monitoring" { + manifest = { + apiVersion = "monitoring.googleapis.com/v1" + kind = "PodMonitoring" + metadata = { + name = "ratelimit-monitoring" + namespace = var.namespace + } + spec = { + selector = { + matchLabels = { + app = "ratelimit" + } + } + endpoints = [ + { + port = "metrics" # Matches the port name in the service/deployment + path = "/metrics" + interval = "15s" + } + ] + } + } + depends_on = [ + kubernetes_deployment.ratelimit, + time_sleep.wait_for_cluster + ] +} diff --git a/examples/terraform/envoy-ratelimiter/variables.tf b/examples/terraform/envoy-ratelimiter/variables.tf index b7a771148215..f6b36be2ec29 100644 --- a/examples/terraform/envoy-ratelimiter/variables.tf +++ b/examples/terraform/envoy-ratelimiter/variables.tf @@ -185,5 +185,5 @@ variable "namespace" { variable "enable_metrics" { description = "Whether to deploy the statsd-exporter sidecar for Prometheus metrics" type = bool - default = false + default = true } From 5444e5ceaa2f762d3b1da7c96803e18dcb309045 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Sun, 22 Feb 2026 12:00:08 -0800 Subject: [PATCH 2/8] Update script --- examples/terraform/envoy-ratelimiter/README.md | 12 ++++-------- examples/terraform/envoy-ratelimiter/deploy.sh | 12 +++++++++--- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index aeabe9ac4f36..bcd7053fd94c 100644 --- a/examples/terraform/envoy-ratelimiter/README.md +++ b/examples/terraform/envoy-ratelimiter/README.md 
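Review bot: `kubernetes_manifest.ratelimit_pod_monitoring` (`@@ -398,15 +375,38 @@`) is created even when `enable_metrics = false`, although the container port named `metrics` that it scrapes exists only when the variable is true. With metrics disabled the module still installs a scrape configuration that points at a port which is not there. Add `count = var.enable_metrics ? 1 : 0` as the first argument of the resource. The manifest also assumes the `monitoring.googleapis.com/v1` CRD is present on the cluster, which this patch does not show; it is worth confirming that managed collection is enabled in the cluster definition.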
@@ -110,19 +110,15 @@ EOF ``` # Deploy Envoy Rate Limiter: -1. Initialize Terraform to download providers and modules: -```bash -terraform init -``` -2. **Deploy (Recommended)**: -Run the helper script to handle the -deployment process automatically: +1. **Deploy (Recommended)**: +Run the helper script to handle the deployment process automatically: ```bash +chmod +x deploy.sh ./deploy.sh ``` -3. **Deploy (Manual Alternative)**: +2. **Deploy (Manual Alternative)**: If you prefer running Terraform manually, you must apply in two steps: ```bash # Step 1: Create Cluster diff --git a/examples/terraform/envoy-ratelimiter/deploy.sh b/examples/terraform/envoy-ratelimiter/deploy.sh index ee83a0acfe27..bd70a685c3be 100755 --- a/examples/terraform/envoy-ratelimiter/deploy.sh +++ b/examples/terraform/envoy-ratelimiter/deploy.sh @@ -5,23 +5,29 @@ COMMAND=${1:-"apply"} if [ "$COMMAND" = "destroy" ]; then echo "Destroying Envoy Rate Limiter Resources..." - echo "Note: If 'deletion_protection = true', this will fail for the cluster." + echo "Note: If 'deletion_protection = true',this operation will fail for the cluster." terraform destroy exit $? fi if [ "$COMMAND" = "apply" ]; then + # Auto-initialize if needed + if [ ! -d ".terraform" ]; then + echo "Initializing Terraform..." + terraform init + fi + echo "Deploying Envoy Rate Limiter..." echo "--------------------------------------------------" - echo "Step 1: Creating GKE Cluster..." + echo "Creating GKE Cluster..." echo "--------------------------------------------------" # Deploy the cluster in step-1 before deploying the application resources. terraform apply -target=time_sleep.wait_for_cluster -auto-approve echo "" echo "--------------------------------------------------" - echo "Step 2: Deploying Application Resources..." + echo "Deploying Application Resources..." echo "--------------------------------------------------" # Deploy the application resources in step-2. terraform apply -auto-approve 
From 75deb5984431c5b3062b57d3c0b0fb827cf36012 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Wed, 25 Feb 2026 21:16:20 -0800 Subject: [PATCH 3/8] update readme --- .../terraform/envoy-ratelimiter/README.md | 7 +-- .../terraform/envoy-ratelimiter/deploy.sh | 47 ++++++++++++++----- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index bcd7053fd94c..65261bb088e1 100644 --- a/examples/terraform/envoy-ratelimiter/README.md +++ b/examples/terraform/envoy-ratelimiter/README.md @@ -114,7 +114,6 @@ EOF 1. **Deploy (Recommended)**: Run the helper script to handle the deployment process automatically: ```bash -chmod +x deploy.sh ./deploy.sh ``` @@ -158,12 +157,10 @@ The service is accessible **only from within the VPC** (e.g., via Dataflow worke # Observability & Metrics: -This module supports native Prometheus metrics export to **Google Cloud Managed Prometheus**. +This module supports exporting native Prometheus metrics to **Google Cloud Monitoring**. -### Enabling Metrics `enable_metrics` is set to `true` by default. -### Available Metrics Once enabled, the Envoy Rate Limiter exports metrics to Google Cloud Monitoring. You can view them in **Metrics Explorer** by searching for `ratelimit`. ### Sample Metrics @@ -181,7 +178,7 @@ Once enabled, the Envoy Rate Limiter exports metrics to Google Cloud Monitoring. 2. Click **Select a metric**. 3. Search for `ratelimit` and select **Prometheus Target** > **ratelimit**. 4. Select a metric (e.g., `ratelimit_service_rate_limit_over_limit`) and click **Apply**. -5. Use **Filters** to drill down by `domain`, `key`, or `value` (e.g., `key=database`, `value=users`). +5. Use **Filters** to drill down by `domain`, `key`, and `value` (e.g., `key=database`, `value=users`). # Clean up resources: To destroy the cluster and all created resources: 
diff --git a/examples/terraform/envoy-ratelimiter/deploy.sh b/examples/terraform/envoy-ratelimiter/deploy.sh index bd70a685c3be..1446160a6b39 100755 --- a/examples/terraform/envoy-ratelimiter/deploy.sh +++ b/examples/terraform/envoy-ratelimiter/deploy.sh 
@@ -1,35 +1,56 @@ #!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This script simply the deployment of the Envoy Rate Limiter on GKE. + set -e COMMAND=${1:-"apply"} +# 1. Initialize Terraform +if [ ! -d ".terraform" ]; then + echo "Initializing Terraform..." + terraform init +else + # Run init to ensure providers are up to date + terraform init -upgrade=false >/dev/null 2>&1 || terraform init +fi + if [ "$COMMAND" = "destroy" ]; then echo "Destroying Envoy Rate Limiter Resources..." - echo "Note: If 'deletion_protection = true',this operation will fail for the cluster." - terraform destroy + terraform destroy -auto-approve exit $? fi if [ "$COMMAND" = "apply" ]; then - # Auto-initialize if needed - if [ ! -d ".terraform" ]; then - echo "Initializing Terraform..." - terraform init - fi - echo "Deploying Envoy Rate Limiter..." echo "--------------------------------------------------" - echo "Creating GKE Cluster..." + echo "Creating/Updating GKE Cluster..." echo "--------------------------------------------------" - # Deploy the cluster in step-1 before deploying the application resources. + # Deploy the cluster and wait for it to be ready. 
terraform apply -target=time_sleep.wait_for_cluster -auto-approve echo "" echo "--------------------------------------------------" echo "Deploying Application Resources..." echo "--------------------------------------------------" - # Deploy the application resources in step-2. + # Deploy the rest of the resources terraform apply -auto-approve echo "" @@ -39,7 +60,7 @@ if [ "$COMMAND" = "apply" ]; then exit 0 fi -echo "Detailed Usage:" -echo " ./deploy.sh [apply] # Deploy resources (Default)" +echo "Usage:" +echo " ./deploy.sh [apply] # Initialize and deploy resources (Default)" echo " ./deploy.sh destroy # Destroy resources" exit 1 From 4cf00ccbd14a83586ede942ef1e2fb77abdd14bc Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Wed, 25 Feb 2026 21:26:35 -0800 Subject: [PATCH 4/8] fix readme --- examples/terraform/envoy-ratelimiter/README.md | 18 ++++++++++-------- examples/terraform/envoy-ratelimiter/deploy.sh | 2 +- .../terraform/envoy-ratelimiter/ratelimit.tf | 2 +- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index 65261bb088e1..ab9b543aae30 100644 --- a/examples/terraform/envoy-ratelimiter/README.md +++ b/examples/terraform/envoy-ratelimiter/README.md 
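Review bot: The init block added at the top of `deploy.sh` (`@@ -1,35 +1,56 @@`) runs before `COMMAND` is checked and tests `.terraform` relative to the caller's working directory. A mistyped command, or a run from another directory, therefore calls `terraform init` there before the usage text is reached. Change to the script's own directory first, `cd "$(dirname "$0")"`, and reject unknown commands before initialising. In the `destroy` branch `exit $?` can only ever return 0, because `set -e` has already ended the script when `terraform destroy` fails.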
@@ -111,30 +111,33 @@ EOF # Deploy Envoy Rate Limiter: -1. **Deploy (Recommended)**: +1. **Deploy Script (Recommended)**: Run the helper script to handle the deployment process automatically: ```bash ./deploy.sh ``` +The script will provide the ip address of the load balancer once the deployment is complete. 2. **Deploy (Manual Alternative)**: -If you prefer running Terraform manually, you must apply in two steps: +If you prefer running Terraform manually, you can use the following commands: ```bash -# Step 1: Create Cluster +# Step 1: Initialize Terraform +terraform init + +# Step 2: Create Cluster terraform apply -target=time_sleep.wait_for_cluster -# Step 2: Create Resources +# Step 3: Create Resources terraform apply ``` -3. Connect to the service: After deployment, get the **Internal** IP address: ```bash terraform output load_balancer_ip ``` The service is accessible **only from within the VPC** (e.g., via Dataflow workers or GCE instances in the same network) at `:8081`. -4. **Test with Dataflow Workflow**: +3. **Test with Dataflow Workflow**: Verify connectivity and rate limiting logic by running the example Dataflow pipeline. ```bash @@ -161,7 +164,6 @@ This module supports exporting native Prometheus metrics to **Google Cloud Monit `enable_metrics` is set to `true` by default. -Once enabled, the Envoy Rate Limiter exports metrics to Google Cloud Monitoring. You can view them in **Metrics Explorer** by searching for `ratelimit`. ### Sample Metrics | Metric Name | Description | 
@@ -171,7 +173,7 @@ Once enabled, the Envoy Rate Limiter exports metrics to Google Cloud Monitoring. | `ratelimit_service_rate_limit_near_limit` | Requests that are approaching the limit. | | `ratelimit_service_call_should_rate_limit` | Total valid gRPC calls to the service. | -*Note: You will also see many other Go runtime metrics (`go_*`) and Redis client metrics (`redis_*`).* +*Note: You will also see many other Go runtime metrics (`go_*`) and Redis client metrics (`redis_*`) ### Viewing in Google Cloud Console 1. Go to **Monitoring** > **Metrics Explorer**. diff --git a/examples/terraform/envoy-ratelimiter/deploy.sh b/examples/terraform/envoy-ratelimiter/deploy.sh index 1446160a6b39..edc75670130f 100755 --- a/examples/terraform/envoy-ratelimiter/deploy.sh +++ b/examples/terraform/envoy-ratelimiter/deploy.sh @@ -16,7 +16,7 @@ # limitations under the License. # -# This script simply the deployment of the Envoy Rate Limiter on GKE. +# This script deploys the Envoy Rate Limiter on GKE. set -e diff --git a/examples/terraform/envoy-ratelimiter/ratelimit.tf b/examples/terraform/envoy-ratelimiter/ratelimit.tf index 21235680d8e7..a916857fc426 100644 --- a/examples/terraform/envoy-ratelimiter/ratelimit.tf +++ b/examples/terraform/envoy-ratelimiter/ratelimit.tf @@ -398,7 +398,7 @@ resource "kubernetes_manifest" "ratelimit_pod_monitoring" { } endpoints = [ { - port = "metrics" # Matches the port name in the service/deployment + port = "metrics" path = "/metrics" interval = "15s" } From c65f7ca30773f16634065f8852c5e588ac2583e5 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Wed, 25 Feb 2026 21:31:50 -0800 Subject: [PATCH 5/8] update readme --- examples/terraform/envoy-ratelimiter/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index ab9b543aae30..e133328bc050 100644 --- a/examples/terraform/envoy-ratelimiter/README.md 
+++ b/examples/terraform/envoy-ratelimiter/README.md @@ -38,7 +38,7 @@ Example Beam Java Pipelines using it: - **Cloud NAT (Prerequisite)**: Allows private nodes to pull Docker images. - **Envoy Rate Limit Service**: A stateless Go/gRPC service that handles rate limit logic. - **Redis**: Stores the rate limit counters. -- **StatsD Exporter**: Sidecar container that converts StatsD metrics to Prometheus format, exposed on port `9102`. +- **Prometheus Metrics**: Exposes Prometheus metrics on port `9102`. These metrics are exported to Google Cloud Monitoring. - **Internal Load Balancer**: A Google Cloud TCP Load Balancer exposing the Rate Limit service internally within the VPC. ## Prerequisites: @@ -164,7 +164,6 @@ This module supports exporting native Prometheus metrics to **Google Cloud Monit `enable_metrics` is set to `true` by default. - ### Sample Metrics | Metric Name | Description | | :--- | :--- | From 54492f60705c62894464a132c5ca873daafca76b Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Wed, 25 Feb 2026 21:34:36 -0800 Subject: [PATCH 6/8] update port --- examples/terraform/envoy-ratelimiter/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/terraform/envoy-ratelimiter/README.md b/examples/terraform/envoy-ratelimiter/README.md index e133328bc050..b1275fbf2009 100644 --- a/examples/terraform/envoy-ratelimiter/README.md +++ b/examples/terraform/envoy-ratelimiter/README.md 
@@ -38,7 +38,7 @@ Example Beam Java Pipelines using it: - **Cloud NAT (Prerequisite)**: Allows private nodes to pull Docker images. - **Envoy Rate Limit Service**: A stateless Go/gRPC service that handles rate limit logic. - **Redis**: Stores the rate limit counters. -- **Prometheus Metrics**: Exposes Prometheus metrics on port `9102`. These metrics are exported to Google Cloud Monitoring. +- **Prometheus Metrics**: Exposes Prometheus metrics on port `9090`. These metrics are exported to Google Cloud Monitoring. - **Internal Load Balancer**: A Google Cloud TCP Load Balancer exposing the Rate Limit service internally within the VPC. ## Prerequisites: From 243c57faa528d32687fb0d69d7c7edddfe5fb9f1 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Thu, 26 Feb 2026 08:35:52 -0800 Subject: [PATCH 7/8] Update examples/terraform/envoy-ratelimiter/deploy.sh Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- examples/terraform/envoy-ratelimiter/deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/terraform/envoy-ratelimiter/deploy.sh b/examples/terraform/envoy-ratelimiter/deploy.sh index edc75670130f..2ac0e081f7e5 100755 --- a/examples/terraform/envoy-ratelimiter/deploy.sh +++ b/examples/terraform/envoy-ratelimiter/deploy.sh @@ -27,7 +27,7 @@ if [ ! -d ".terraform" ]; then echo "Initializing Terraform..." terraform init else - # Run init to ensure providers are up to date + # Verify terraform initialization is valid, or re-initialize terraform init -upgrade=false >/dev/null 2>&1 || terraform init fi From a378e7c33125d7a76f615bd6f6dab952cdeb4653 Mon Sep 17 00:00:00 2001 From: Tarun Annapareddy Date: Thu, 26 Feb 2026 08:43:10 -0800 Subject: [PATCH 8/8] fix gemini review --- .../terraform/envoy-ratelimiter/ratelimit.tf | 18 ++++++++++++------ .../terraform/envoy-ratelimiter/variables.tf | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) 
diff --git a/examples/terraform/envoy-ratelimiter/ratelimit.tf b/examples/terraform/envoy-ratelimiter/ratelimit.tf index a916857fc426..96638e23563b 100644 --- a/examples/terraform/envoy-ratelimiter/ratelimit.tf +++ b/examples/terraform/envoy-ratelimiter/ratelimit.tf @@ -170,13 +170,19 @@ resource "kubernetes_deployment" "ratelimit" { name = "USE_PROMETHEUS" value = var.enable_metrics ? "true" : "false" } - env { - name = "PROMETHEUS_ADDR" - value = ":9090" + dynamic "env" { + for_each = var.enable_metrics ? [1] : [] + content { + name = "PROMETHEUS_ADDR" + value = ":9090" + } } - env { - name = "PROMETHEUS_PATH" - value = "/metrics" + dynamic "env" { + for_each = var.enable_metrics ? [1] : [] + content { + name = "PROMETHEUS_PATH" + value = "/metrics" + } } env { name = "USE_STATSD" diff --git a/examples/terraform/envoy-ratelimiter/variables.tf b/examples/terraform/envoy-ratelimiter/variables.tf index f6b36be2ec29..3d732372acff 100644 --- a/examples/terraform/envoy-ratelimiter/variables.tf +++ b/examples/terraform/envoy-ratelimiter/variables.tf @@ -183,7 +183,7 @@ variable "namespace" { } variable "enable_metrics" { - description = "Whether to deploy the statsd-exporter sidecar for Prometheus metrics" + description = "Enable metrics export to Google Cloud Monitoring" type = bool default = true }
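Review bot: The literal `9090` now appears in `PROMETHEUS_ADDR` here (`@@ -170,13 +170,19 @@`), in the container `port` block and in the Service port from PATCH 1/8, and `/metrics` appears both in `PROMETHEUS_PATH` and in the `PodMonitoring` endpoint, so a change to one leaves the others stale. A `locals` entry such as `metrics_port = 9090`, used as `value = ":${local.metrics_port}"`, keeps them together. The two new `dynamic "env"` blocks would also read better under one comment, `# Prometheus listener settings are only set when metrics are enabled.`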