feat: Support runtime control of connection rate limiting via socket#930
feat: Support runtime control of connection rate limiting via socket#930b1tamara wants to merge 4 commits into
Conversation
Co-authored-by: Alexander Nicke <alexander.nicke@sap.com> Co-authored-by: Dariquest <daria.anton@sap.com> Co-authored-by: M Rizwan Shaik <m.rizwan.shaik@sap.com>
cf-foundation-community-automation
Bot
moved this to Inbox
in Application Runtime Platform Working Group
|
|
||
| > Note: You will likely need `sudo` permission to run socat. | ||
|
|
||
| ## Control Connection Rate Limiting via HAProxy Runtime API |
There was a problem hiding this comment.
Maybe make the two new proc. variables more prominent, by introducing them in an unsorted list, similar to the variables and options listed in the section "Configuration Options". It was first a bit hard for me to understand why we have these proc variables now.
One point about the naming:
connections_rate_limit.block -> proc.conn_rate_block
connections_rate_limit.connections -> proc.conn_rate_limit
Is inconsistent. If we could still change the it and accept it's breaking, I'd prefer the following variable naming:
connection_rate_limit.enabled -> proc.connection_rate_limit_enabled
connection_rate_limit.connections -> proc.connection_rate_limit_connections
This would be more consistent, and having enabled instead of block indicates that this is a boolean switch.
There was a problem hiding this comment.
Renamed variables:
connection_rate_limit.block -> proc.connection_rate_limit_block
connection_rate_limit.connections -> proc.connection_rate_limit_connections
Enhanced the documentation
| <%- if_p("ha_proxy.connections_rate_limit.connections") do |conn_rate_connections| -%> | ||
| set-var proc.conn_rate_limit int(<%= conn_rate_connections %>) | ||
| <%- end -%> |
There was a problem hiding this comment.
Did I understand correctly that the existence of connections_rate_limit.connections in manifest controls if haproxy config will have a process variable, and when it is not set in manifest, the rate-limit control is not possible on the fly? If so, it does not look straightforward to me.
Can we set the variable to zero if the parameter is not set in the manifest? Similar to what we do for proc.conn_rate_block.
| <%- if_p("ha_proxy.connections_rate_limit.connections") do |conn_rate_connections| -%> | |
| set-var proc.conn_rate_limit int(<%= conn_rate_connections %>) | |
| <%- end -%> | |
| set-var proc.conn_rate_limit int(<%= p("ha_proxy.connections_rate_limit.connections", 0) %>) |
There was a problem hiding this comment.
We store the value from the manifest in a process-level variable if defined. If not, it can be set via the socket later. We cannot set the default value to 0, as 0 is a very wrong threshold.
Co-authored-by: Clemens Hoffmann <clemens.hoffmann@sap.com>
github-project-automation
Bot
moved this from Inbox
to Pending Merge | Prioritized
in Application Runtime Platform Working Group
3 participants
The PR introduces process-level variables (for the properties block and connections) for the connection rate limit feature, enabling runtime control via the HAProxy Runtime API. It allows dynamic start/stop of rate limiting and on-the-fly threshold changes
Co-Authored-By: @Dariquest and @Mrizwanshaik