Rate limiting for frontends #2034
Conversation
ldez
added
kind/enhancement
ldez
added
status/1-needs-design-review
status/2-needs-review
and removed
status/2-needs-review
status/1-needs-design-review
labels
integration/integration_test.go
Outdated
| @@ -42,6 +42,7 @@ func init() { | |||
| check.Suite(&SimpleSuite{}) | |||
| check.Suite(&TimeoutSuite{}) | |||
| check.Suite(&WebsocketSuite{}) | |||
| check.Suite(&RateLimitSuite{}) | |||
There was a problem hiding this comment.
Could you move this line to be in alphabetical order?
integration/ratelimit_test.go
Outdated
| err = try.GetRequest("http://127.0.0.1:80/", 500*time.Millisecond, try.StatusCodeIs(http.StatusTooManyRequests)) | ||
| c.Assert(err, checker.IsNil) | ||
|
|
||
| time.Sleep(3 * time.Second) |
| @@ -890,6 +891,30 @@ func (server *Server) loadConfig(configurations types.Configurations, globalConf | |||
| } | |||
| } | |||
|
|
|||
| if frontend.RateLimit != nil && len(frontend.RateLimit.RateSet) > 0 { | |||
There was a problem hiding this comment.
Could you isolate this into a function?
There was a problem hiding this comment.
I think I have this comment addressed with the server.buildRateLimiter function I added. Of course, let me know if you had something else in mind though.
glide.lock
Outdated
| @@ -331,7 +337,7 @@ imports: | |||
| - name: github.com/Masterminds/semver | |||
| version: 59c29afe1a994eacb71c833025ca7acf874bb1da | |||
| - name: github.com/Masterminds/sprig | |||
| version: 9526be0327b26ad31aa70296a7b10704883976d5 | |||
| version: e039e20e500c2c025d9145be375e27cf42a94174 | |||
There was a problem hiding this comment.
I think this update is not required.
There was a problem hiding this comment.
I agree this update doesn't seem to be necessary. After looking at this again, I'm actually sure not how to handle it though. For Masterminds/sprig, the versions don't seem to match between glide.yml and glide.lock. I'm not super familiar with glide, but I guess thats why glide went ahead with the update? Any advice is appreciated
glide.lock
Outdated
| @@ -95,6 +95,8 @@ imports: | |||
| - name: github.com/coreos/etcd | |||
| version: c400d05d0aa73e21e431c16145e558d624098018 | |||
| subpackages: | |||
| - Godeps/_workspace/src/github.com/ugorji/go/codec | |||
docs/basics.md
Outdated
| @@ -278,6 +278,32 @@ Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc | |||
|
|
|||
| In this example, traffic routed through the first frontend will have the `X-Frame-Options` header set to `DENY`, and the second will only allow HTTPS request through, otherwise will return a 301 HTTPS redirect. | |||
|
|
|||
| #### Rate limiting | |||
|
|
|||
| Rate limiting can be configured per frontend. Multiple sets of rates can be added to each frontend, but the time periods must be unique. | |||
There was a problem hiding this comment.
Could you put one sentence by line?
docs/basics.md
Outdated
| burst = 10 | ||
| ``` | ||
|
|
||
| In the above example, frontend1 is configured to limit requests by the client's ip address. An average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can "burst" up to 10 and 200 in each period respectively. |
There was a problem hiding this comment.
Could you put one sentence by line?
integration/ratelimit_test.go
Outdated
| time.Sleep(3 * time.Second) | ||
| err = try.GetRequest("http://127.0.0.1:80/", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK)) | ||
| c.Assert(err, checker.IsNil) | ||
| } |
There was a problem hiding this comment.
Maybe can you set lesser values to frontends.frontend1.ratelimit.rateset.rateset1 (average = 4 and burst = 5?) in the toml file and check if this rateset is respected too in the TestSimpleConfiguration test or in another one?
There was a problem hiding this comment.
👍 You're right. Its a good idea to test that first time period too.
|
Thanks for the review and feedback guys. I think I have glide straightened out now |
ldez
force-pushed
the
ratelimit
branch
3 times, most recently
from
2d22aee
to
dff230b
Compare
ldez
added
status/2-needs-review
status/3-needs-merge
and removed
status/3-needs-merge
status/2-needs-review
labels
|
I can't find the doc changes in this PR at https://docs.traefik.io/basics/, is there any reason for that? |
|
@trondhindenes because it's a 1.5 features. |
|
gotcha. Thanks! |
|
How can I use this in Traefik Ingress Controller on my Kubernetes cluster? Is there any way to set the rate limit using Annotations? |
|
@tobernguyen For now, you cannot define rate limit with annotations. |
|
@ldez that's awesome! Thank you very much. |
Description
This is to add a rate limiting capability in Traefik, as in #643