Ratelimit: Expose rate limit shadowing state in Envoy filter metrics #42737
Description
Title: Expose rate limit shadowing state in Envoy filter metrics
Description:
Context/problem
When the rate limit service evaluates a request in shadow mode, Envoy’s rate_limit filter metrics don’t reveal that the decision was shadowed. Operators can’t distinguish enforced vs. shadowed rate-limit outcomes when tuning policies, so alerts and dashboards can only rely on service-side metrics.
Proposal
Extend RateLimitResponse with an optional shadowing boolean (default false). When true, Envoy’s rate_limit filter should surface dedicated stats (e.g., tagged shadow=true or new counters like shadow_allowed / shadow_over_limit) so observers can track shadow evaluations separately from enforced limits. If the flag is absent, behavior remains unchanged.
Benefits/use cases
Safely tune new limits by comparing shadowed vs. enforced results; build alerts on shadow-only breaches before enabling enforcement; debug discrepancies between RL service metrics and Envoy stats.
Backward compatibility
The flag is optional and defaults to false; existing configurations and metrics remain unchanged unless the RL service sets the flag.
Reference: Gateway request: envoyproxy/gateway#7785