New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate limiting for frontends #2034
Conversation
integration/integration_test.go
Outdated
@@ -42,6 +42,7 @@ func init() { | |||
check.Suite(&SimpleSuite{}) | |||
check.Suite(&TimeoutSuite{}) | |||
check.Suite(&WebsocketSuite{}) | |||
check.Suite(&RateLimitSuite{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you move this line to be in alphabetical order?
integration/ratelimit_test.go
Outdated
err = try.GetRequest("http://127.0.0.1:80/", 500*time.Millisecond, try.StatusCodeIs(http.StatusTooManyRequests)) | ||
c.Assert(err, checker.IsNil) | ||
|
||
time.Sleep(3 * time.Second) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you explains this line?
@@ -890,6 +891,30 @@ func (server *Server) loadConfig(configurations types.Configurations, globalConf | |||
} | |||
} | |||
|
|||
if frontend.RateLimit != nil && len(frontend.RateLimit.RateSet) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you isolate this into a function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I have this comment addressed with the server.buildRateLimiter function I added. Of course, let me know if you had something else in mind though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you did exactly what I wanted👍
glide.lock
Outdated
@@ -331,7 +337,7 @@ imports: | |||
- name: github.com/Masterminds/semver | |||
version: 59c29afe1a994eacb71c833025ca7acf874bb1da | |||
- name: github.com/Masterminds/sprig | |||
version: 9526be0327b26ad31aa70296a7b10704883976d5 | |||
version: e039e20e500c2c025d9145be375e27cf42a94174 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this update is not required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree this update doesn't seem to be necessary. After looking at this again, I'm actually sure not how to handle it though. For Masterminds/sprig, the versions don't seem to match between glide.yml and glide.lock. I'm not super familiar with glide, but I guess thats why glide went ahead with the update? Any advice is appreciated
glide.lock
Outdated
@@ -95,6 +95,8 @@ imports: | |||
- name: github.com/coreos/etcd | |||
version: c400d05d0aa73e21e431c16145e558d624098018 | |||
subpackages: | |||
- Godeps/_workspace/src/github.com/ugorji/go/codec |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you remove those lines?
docs/basics.md
Outdated
@@ -278,6 +278,32 @@ Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc | |||
|
|||
In this example, traffic routed through the first frontend will have the `X-Frame-Options` header set to `DENY`, and the second will only allow HTTPS request through, otherwise will return a 301 HTTPS redirect. | |||
|
|||
#### Rate limiting | |||
|
|||
Rate limiting can be configured per frontend. Multiple sets of rates can be added to each frontend, but the time periods must be unique. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you put one sentence by line?
docs/basics.md
Outdated
burst = 10 | ||
``` | ||
|
||
In the above example, frontend1 is configured to limit requests by the client's ip address. An average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can "burst" up to 10 and 200 in each period respectively. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you put one sentence by line?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many thanks for this great PR.
I have just one suggestion about the integration test. 😉
integration/ratelimit_test.go
Outdated
time.Sleep(3 * time.Second) | ||
err = try.GetRequest("http://127.0.0.1:80/", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK)) | ||
c.Assert(err, checker.IsNil) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe can you set lesser values to frontends.frontend1.ratelimit.rateset.rateset1
(average = 4
and burst = 5
?) in the toml file and check if this rateset is respected too in the TestSimpleConfiguration
test or in another one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 You're right. Its a good idea to test that first time period too.
Thanks for the review and feedback guys. I think I have glide straightened out now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👏 👏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the great pr :) Brings in a new nifty feature.
LGTM 👼
2d22aee
to
dff230b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job !
LGTM
I can't find the doc changes in this PR at https://docs.traefik.io/basics/, is there any reason for that? |
@trondhindenes because it's a 1.5 features. |
gotcha. Thanks! |
How can I use this in Traefik Ingress Controller on my Kubernetes cluster? Is there any way to set the rate limit using Annotations? |
@tobernguyen For now, you cannot define rate limit with annotations. |
@ldez that's awesome! Thank you very much. |
Description
This is to add a rate limiting capability in Traefik, as in #643