envoyproxy · arkodg · Jul 3, 2025 · Jun 23, 2025 · Jun 23, 2025 · Jun 24, 2025
@@ -505,6 +505,7 @@ type RedisTLSSettings struct {
 // RateLimitRedisSettings defines the configuration for connecting to redis database.
 type RateLimitRedisSettings struct {
 	// URL of the Redis Database.
+	// This can reference a single Redis host or a comma delimited list for Sentinel and Cluster deployments of Redis.
 	URL string `json:"url"`
 
 	// TLS defines TLS configuration for connecting to redis database.

@@ -8,6 +8,7 @@ package validation
 import (
 	"fmt"
 	"net/url"
+	"strings"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 )
@@ -167,8 +168,11 @@ func validateEnvoyGatewayRateLimit(rateLimit *egv1a1.RateLimit) error {
 	if rateLimit.Backend.Redis == nil || rateLimit.Backend.Redis.URL == "" {
 		return fmt.Errorf("empty ratelimit redis settings")
 	}
-	if _, err := url.Parse(rateLimit.Backend.Redis.URL); err != nil {
-		return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+	redisHosts := strings.Split(rateLimit.Backend.Redis.URL, ",")
+	for _, host := range redisHosts {
+		if _, err := url.Parse(host); err != nil {
+			return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+		}
 	}
 	return nil
 }

@@ -302,6 +302,42 @@ func TestValidateEnvoyGateway(t *testing.T) {
 			},
 			expect: true,
 		},
+		{
+			name: "happy ratelimit redis sentinel settings",
+			eg: &egv1a1.EnvoyGateway{
+				EnvoyGatewaySpec: egv1a1.EnvoyGatewaySpec{
+					Gateway:  egv1a1.DefaultGateway(),
+					Provider: egv1a1.DefaultEnvoyGatewayProvider(),
+					RateLimit: &egv1a1.RateLimit{
+						Backend: egv1a1.RateLimitDatabaseBackend{
+							Type: egv1a1.RedisBackendType,
+							Redis: &egv1a1.RateLimitRedisSettings{
+								URL: "primary_.-,node-0:26379,node-1:26379",
+							},
+						},
+					},
+				},
+			},
+			expect: true,
+		},
+		{
+			name: "happy ratelimit redis cluster settings",
+			eg: &egv1a1.EnvoyGateway{
+				EnvoyGatewaySpec: egv1a1.EnvoyGatewaySpec{
+					Gateway:  egv1a1.DefaultGateway(),
+					Provider: egv1a1.DefaultEnvoyGatewayProvider(),
+					RateLimit: &egv1a1.RateLimit{
+						Backend: egv1a1.RateLimitDatabaseBackend{
+							Type: egv1a1.RedisBackendType,
+							Redis: &egv1a1.RateLimitRedisSettings{
+								URL: "node-0:6376,node-1:6376,node-2:6376",
+							},
+						},
+					},
+				},
+			},
+			expect: true,
+		},
 		{
 			name: "happy extension settings",
 			eg: &egv1a1.EnvoyGateway{

@@ -43,7 +43,7 @@ bug fixes: |
   Fixed validation issue where EnvoyExtensionPolicy ExtProc failOpen is true, and body processing mode FullDuplexStreamed is not rejected.
   Add ConfigMap indexers for EnvoyExtensionPolicies to reconcile Lua changes
   Fixed issue that default accesslog format not working.
-
+  Fixed validation errors when the rateLimit url for Redis in the EnvoyGateway API includes multiple comma separated hosts.
 
 # Enhancements that improve performance.
 performance improvements: |

@@ -4009,7 +4009,7 @@ _Appears in:_
 
 | Field | Type | Required | Default | Description |
 | ---   | ---  | ---      | ---     | ---         |
-| `url` | _string_ |  true  |  | URL of the Redis Database. |
+| `url` | _string_ |  true  |  | URL of the Redis Database.<br />This can reference a single Redis host or a comma delimited list for Sentinel and Cluster deployments of Redis. |
 | `tls` | _[RedisTLSSettings](#redistlssettings)_ |  false  |  | TLS defines TLS configuration for connecting to redis database. |