groupcache_ratelimit

module

v0.1.0 Latest Latest Go to latest Published: Mar 3, 2024 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/udhos/groupcache_ratelimit

Links

Open Source Insights

README ¶

groupcache_ratelimit

groupcache_ratelimit provides rate limiting for distributed applications using groupcache.

Usage

import (
    "github.com/modernprogram/groupcache/v2"
    "github.com/udhos/groupcache_exporter"
    "github.com/udhos/groupcache_exporter/groupcache/modernprogram"
    "github.com/udhos/groupcache_ratelimit/ratelimit"
    "github.com/udhos/kubegroup/kubegroup"
)

//
// Initialize groupcache as usual.
//

groupcachePort := ":5000"

workspace := groupcache.NewWorkspace()

// Example using kubegroup for kubernetes peers autodiscovery
myURL, errURL = kubegroup.FindMyURL(groupcachePort)

pool := groupcache.NewHTTPPoolOptsWithWorkspace(workspace, myURL, &groupcache.HTTPPoolOptions{})

// Start groupcache peering server
server := &http.Server{Addr: groupcachePort, Handler: pool}
go func() {
    log.Printf("groupcache server: listening on %s", groupcachePort)
    err := server.ListenAndServe()
    log.Printf("groupcache server: exited: %v", err)
}()

// Start kubegroup autodiscovery
optionsKg := kubegroup.Options{
    Pool:           pool,
    GroupCachePort: groupCachePort,
}
group, errGroup := kubegroup.UpdatePeers(optionsKg)
if errGroup != nil {
    log.Fatalf("kubegroup: %v", errGroup)
}

//
// Create the rate limiter: 60 slots at every 30-seconds interval.
//
optionsLim := ratelimit.Options{
    Interval:            30 * time.Second,
    Slots:               60,
    GroupcacheWorkspace: workspace,
}

lim := ratelimit.New(optionsLim)

//
// Optionally expose groupcache metrics for rate limiter in Prometheus format.
//
labels := map[string]string{}
namespace := ""
collector := groupcache_exporter.NewExporter(namespace, labels, lim.MetricsExporter())
prometheus.MustRegister(collector)

//
// Query the rate limiter.
//
accept, errRate := lim.Consume(context.TODO(), "some-key")
if errRate == nil {
    if accept {
        log.Printf("key accepted by rate limiting")
    } else {
        log.Printf("key rejected by rate limiting")
    }
} else {
    log.Printf("rate limiting error: %v", errRate)
}

Istio interceptionMode TPROXY

Istio sidecard interceptionMode with REDIRECT hides real source IP.

In order to receive the real POD source IP to perform rate limiting, set POD annotation sidecar.istio.io/interceptionMode to TPROXY.

annotations:
  "sidecar.istio.io/interceptionMode": "TPROXY" # REDIRECT or TPROXY

Documentation: https://istio.io/latest/docs/reference/config/annotations/#SidecarInterceptionMode

Example helm chart: https://github.com/udhos/kubecache/blob/main/charts/kubecache/values.yaml#L40

Directories ¶

Path	Synopsis
cmd
groupcache-ratelimit-example Package main implements the example tool.	Package main implements the example tool.
ratelimit Package ratelimit implements rate limiting with groupcache.	Package ratelimit implements rate limiting with groupcache.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL