From 4096c9682e258eedc08af37846e722cacb0915b6 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Thu, 26 Oct 2023 12:09:59 -0400 Subject: [PATCH] Add enterprise label for rate limiting (#19384) --- .../config-entries/service-defaults.mdx | 18 +++++++++--------- .../manage-traffic/limit-request-rates.mdx | 16 +++++++++------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx index 4ae018a295..3023b73482 100644 --- a/website/content/docs/connect/config-entries/service-defaults.mdx +++ b/website/content/docs/connect/config-entries/service-defaults.mdx @@ -24,7 +24,7 @@ The following list outlines field hierarchy, language-specific data types, requi - [`Protocol`](#protocol): string | `tcp` - [`BalanceInboundConnections`](#balanceinboundconnections): string - [`Mode`](#mode): string -- [`RateLimits`](#ratelimits): map +- [`RateLimits`](#ratelimits): map | - [`InstanceLevel`](#ratelimits-instancelevel): map - [`RequestsPerSecond`](#ratelimits-instancelevel-requestspersecond): number - [`RequestsMaxBurst`](#ratelimits-instancelevel-requestsmaxburst): number @@ -109,7 +109,7 @@ The following list outlines field hierarchy, language-specific data types, requi - [`protocol`](#protocol): string | `tcp` - [`balanceInboundConnections`](#balanceinboundconnections): string - [`mode`](#mode): string - - [`rateLimits`](#spec-ratelimits): map + - [`rateLimits`](#spec-ratelimits): map | - [`instanceLevel`](#spec-ratelimits-instancelevel): map - [`requestsPerSecond`](#spec-ratelimits-instancelevel-requestspersecond): number - [`requestsMaxBurst`](#spec-ratelimits-instancelevel-requestsmaxburst): number @@ -605,7 +605,7 @@ Specifies a mode for how the service directs inbound and outbound traffic. - `direct`: The proxy's listeners must be dialed directly by the local application and other proxies. - `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected. -### `RateLimits` +### `RateLimits` Map containing an instance-level configuration for limiting the service's traffic rate. @@ -696,7 +696,7 @@ Specifies the name of the upstream service that the configuration applies to. We - Default: None - Data type: String -### `UpstreamConfig.Overrides[].Namespace` +### `UpstreamConfig.Overrides[].Namespace` Specifies the namespace containing the upstream service that the configuration applies to. Do not use the `*` wildcard to prevent the configuration from applying to unintended upstreams. @@ -1016,7 +1016,7 @@ Specifies the name of the service you are setting the defaults for. - This field is required - Data type: String -### `metadata.namespace` +### `metadata.namespace` Specifies the Consul namespace that the configuration entry applies to. Refer to [Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for information about how Consul namespaces map to Kubernetes Namespaces. Consul Community Edition (Consul CE) ignores the `metadata.namespace` configuration. @@ -1071,7 +1071,7 @@ Specifies a mode for how the service directs inbound and outbound traffic. - `direct`: The proxy's listeners must be dialed directly by the local application and other proxies. - `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected. -### `spec.rateLimits` +### `spec.rateLimits` Map containing an instance-level configuration for limiting the service's traffic rate. @@ -1738,7 +1738,7 @@ Proxy services must be in transparent proxy mode to configure destinations. Refe -### Enable request rate limit for a service on all paths +### Enable request rate limit for a service on all paths The following example limits the request rate on all paths to `service-foo` to an average of `1000` requests per second but allows up to `1500` temporary concurrent requests. @@ -1782,7 +1782,7 @@ rateLimit: ``` -### Enable request rate limit on a prefixed path +### Enable request rate limit on a prefixed path The following example limits the request rate on all paths to `service-foo` to an average of `1000` requests per second but allows up to `1500` temporary concurrent requests. Request paths that begin with `/admin`, however, are limited to `20` requests per second. @@ -1842,7 +1842,7 @@ rateLimit: ``` -### Enable request rate limits on multiple paths +### Enable request rate limits on multiple paths The following example limits the request rate to the `billing` service when requests begin with `/api` and `/login`. diff --git a/website/content/docs/connect/manage-traffic/limit-request-rates.mdx b/website/content/docs/connect/manage-traffic/limit-request-rates.mdx index d9324dbaa9..142f0f3d21 100644 --- a/website/content/docs/connect/manage-traffic/limit-request-rates.mdx +++ b/website/content/docs/connect/manage-traffic/limit-request-rates.mdx @@ -8,17 +8,19 @@ description: Learn how to limit the rate of requests to services in a Consul ser This topic describes how to configure Consul to limit the request rate to services in the mesh. + This feature is available in Consul Enterprise. + ## Introduction Consul allows you to configure settings to limit the rate of HTTP requests a service receives from sources in the mesh. Limiting request rates is one strategy for building a resilient and highly-available network. Consul applies rate limits per service instance. As an example, if you specify a rate limit of 100 requests per second (RPS) for a service and five instances of the service are available, the service accepts a total of 500 RPS, which equals 100 RPS per instance. -You can limit request rates for all traffic to a service, as well as set rate limits for specific URL paths on a service. When multiple rate limits are configured on a service, Consul applies the limit configured for the first matching path. As a result, the maximum RPS for a service is equal to the number of service instances deployed for a service multiplied by either the rate limit configured for that service or the rate limit for the path. +You can limit request rates for all traffic to a service, as well as set rate limits for specific URL paths on a service. When multiple rate limits are configured on a service, Consul applies the limit configured for the first matching path. As a result, the maximum RPS for a service is equal to the number of service instances deployed for a service multiplied by either the rate limit configured for that service or the rate limit for the path. ## Requirements -Consul v1.17.0 or later +Consul Enterprise v1.17.0 or later ## Limit request rates to a service on all paths @@ -28,7 +30,7 @@ Specify request rate limits in the service defaults configuration entry. Create 1. `RateLimits.InstanceLevel.RequestPerSecond`: Set an average number of requests per second that Consul should allow to the service. The number of requests may momentarily exceed this value up to the value specified in the `RequestsMaxBurst` parameter, but Consul temporarily lowers the speed of the transactions. -1. `RateLimits.InstanceLevel.RequestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service. Consul blocks any additional requests over this limit. +1. `RateLimits.InstanceLevel.RequestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service. Consul blocks any additional requests over this limit. @@ -39,7 +41,7 @@ Specify request rate limits in the service defaults configuration entry. Create -Refer to the [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for additional specifications and example configurations. +Refer to the [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for additional specifications and example configurations. ## Specify request rate limits for specific paths @@ -48,7 +50,7 @@ Specify request rate limits in the service defaults configuration entry. Create -1. Add a `RateLimits.InstanceLevel.Routes` block to the configuration entry. The block contains the limits and matching criteria for determining which paths to set limits on. +1. Add a `RateLimits.InstanceLevel.Routes` block to the configuration entry. The block contains the limits and matching criteria for determining which paths to set limits on. 1. In the `Routes` block, configure one of the following match criteria to determine which path to set the limits on: - `PathExact`: Specifies the exact path to match on the request path. - `PathPrefix`: Specifies the path prefix to match on the request path. @@ -60,8 +62,8 @@ Specify request rate limits in the service defaults configuration entry. Create -1. Add a `spec.rateLimits.instanceLevel.routes` block to the configuration entry. The block contains the limits and matching criteria for determining which paths to set limits on. -1. In the `routes` block, configure one of the following match criteria for enabling Consul to determine which path to set the limits on: +1. Add a `spec.rateLimits.instanceLevel.routes` block to the configuration entry. The block contains the limits and matching criteria for determining which paths to set limits on. +1. In the `routes` block, configure one of the following match criteria for enabling Consul to determine which path to set the limits on: - `pathExact`: Specifies the exact path to match on the request path. When using this field. - `pathPrefix`: Specifies the path prefix to match on the request path. - `pathRegex`: Specifies a regular expression to match on the request path.