chore: add rate limiting

jhandguy · Oct 1, 2023 · 6edae61 · 6edae61
1 parent b07aee4
commit 6edae61
Show file tree

Hide file tree

Showing 9 changed files with 70 additions and 23 deletions.
diff --git a/dynamo/k6/script.js b/dynamo/k6/script.js
@@ -3,11 +3,18 @@ import {check, sleep} from 'k6';
 import {randomString, uuidv4} from 'https://jslib.k6.io/k6-utils/1.4.0/index.js';
 
 export const options = {
-    stages: [
-        {target: 10, duration: '20s'},
-        {target: 10, duration: '20s'},
-        {target: 0, duration: '20s'},
-    ],
+    scenarios: {
+        load: {
+            executor: 'ramping-arrival-rate',
+            startRate: 1,
+            timeUnit: '1s',
+            preAllocatedVUs: 10,
+            stages: [
+                {target: 10, duration: '40s'},
+                {target: 0, duration: '20s'},
+            ],
+        },
+    },
     thresholds: {
         'checks': ['rate>0.9'],
         'grpc_req_duration{method:CreateItem}': ['p(95)<10000'],

diff --git a/gateway/k6/script.js b/gateway/k6/script.js
@@ -3,11 +3,18 @@ import {check, sleep} from 'k6';
 import {randomString, uuidv4} from 'https://jslib.k6.io/k6-utils/1.4.0/index.js';
 
 export const options = {
-    stages: [
-        {target: 40, duration: '1m'},
-        {target: 40, duration: '1m'},
-        {target: 0, duration: '1m'},
-    ],
+    scenarios: {
+        load: {
+            executor: 'ramping-arrival-rate',
+            startRate: 1,
+            timeUnit: '1s',
+            preAllocatedVUs: 20,
+            stages: [
+                {target: 20, duration: '40s'},
+                {target: 0, duration: '20s'},
+            ],
+        },
+    },
     thresholds: {
         'checks': ['rate>0.9'],
         'http_req_duration{method:POST}': ['p(95)<10000'],

diff --git a/s3/k6/script.js b/s3/k6/script.js
@@ -3,11 +3,18 @@ import {check, sleep} from 'k6';
 import {randomString, uuidv4} from 'https://jslib.k6.io/k6-utils/1.4.0/index.js';
 
 export const options = {
-    stages: [
-        {target: 10, duration: '20s'},
-        {target: 10, duration: '20s'},
-        {target: 0, duration: '20s'},
-    ],
+    scenarios: {
+        load: {
+            executor: 'ramping-arrival-rate',
+            startRate: 1,
+            timeUnit: '1s',
+            preAllocatedVUs: 10,
+            stages: [
+                {target: 10, duration: '40s'},
+                {target: 0, duration: '20s'},
+            ],
+        },
+    },
     thresholds: {
         'checks': ['rate>0.9'],
         'grpc_req_duration{method:CreateObject}': ['p(95)<10000'],

diff --git a/sql/helm/templates/ingress.yaml b/sql/helm/templates/ingress.yaml
@@ -9,6 +9,9 @@ metadata:
     app: {{ $.Release.Name }}
   annotations:
     cert-manager.io/issuer: {{ $.Release.Name }}
+{{- with .rateLimitRequests }}
+    haproxy.org/rate-limit-requests: "{{ . }}"
+{{- end }}
 spec:
   rules:
     - host: {{ .host }}

diff --git a/sql/k6/script.js b/sql/k6/script.js
@@ -3,12 +3,19 @@ import {check, sleep} from 'k6';
 import {randomItem, randomString, uuidv4} from 'https://jslib.k6.io/k6-utils/1.4.0/index.js';
 
 export const options = {
-    setupTimeout: '2m',
-    stages: [
-        {target: 20, duration: '40s'},
-        {target: 20, duration: '40s'},
-        {target: 0, duration: '40s'},
-    ],
+    setupTimeout: '3m',
+    scenarios: {
+        load: {
+            executor: 'ramping-arrival-rate',
+            startRate: 1,
+            timeUnit: '1s',
+            preAllocatedVUs: 10,
+            stages: [
+                {target: 10, duration: '40s'},
+                {target: 0, duration: '20s'},
+            ],
+        },
+    },
     thresholds: {
         'checks': ['rate>0.9'],
         'http_req_duration{method:POST}': ['p(95)<10000'],
@@ -37,6 +44,7 @@ export function setup() {
         };
 
         check(http.post(`${url}/user`, JSON.stringify(user), params), {
+            'post response status is not 403': (r) => r.status !== 403,
             'post response status is 201': (r) => r.status === 201,
             'post response body is valid': (r) => r.json().id === user.id && r.json().name === user.name,
         });
@@ -49,11 +57,14 @@ export function setup() {
             };
 
             check(http.post(`${url}/message`, JSON.stringify(message), params), {
+                'post response status is not 403': (r) => r.status !== 403,
                 'post response status is 201': (r) => r.status === 201,
                 'post response body is valid': (r) => r.json().id === message.id && r.json().content === message.content && r.json().user_id === message.user_id,
             });
 
             messages.push(message)
+
+            sleep(0.03);
         }
 
         users.push({
@@ -71,16 +82,16 @@ export function setup() {
 export default function (data) {
     const user = randomItem(data.users);
     check(http.get(`${url}/user/${user.id}/messages`, params), {
+        'get response status is not 403': (r) => r.status !== 403,
         'get response status is 200': (r) => r.status === 200,
         'get response body is valid': (r) => r.json().length === user.messages.length,
     });
-
-    sleep(1);
 }
 
 export function teardown(data) {
     for (let user of data.users) {
         check(http.del(`${url}/user/${user.id}`, null, params), {
+            'delete response status is not 403': (r) => r.status !== 403,
             'delete response status is 200': (r) => r.status === 200,
         });
     }

diff --git a/terraform/environments/haproxy/modules.tf b/terraform/environments/haproxy/modules.tf
@@ -67,6 +67,7 @@ module "sql_postgres" {
     "sql_token"         = random_password.sql_postgres_token.result
     "tempo_url"         = module.tempo.otlp_grpc_url
   }
+  rate_limit_requests = 40
 }
 
 module "sql_mysql" {
@@ -89,6 +90,7 @@ module "sql_mysql" {
     "sql_token"         = random_password.sql_mysql_token.result
     "tempo_url"         = module.tempo.otlp_grpc_url
   }
+  rate_limit_requests = 40
 }
 
 module "mimir" {

diff --git a/terraform/modules/sql/README.md b/terraform/modules/sql/README.md
@@ -30,6 +30,7 @@ No modules.
 | <a name="input_node_ip"></a> [node\_ip](#input\_node\_ip) | Node ip | `string` | n/a | yes |
 | <a name="input_node_ports"></a> [node\_ports](#input\_node\_ports) | Node ports | `tuple([number, number])` | n/a | yes |
 | <a name="input_prometheus_enabled"></a> [prometheus\_enabled](#input\_prometheus\_enabled) | Enable Prometheus | `bool` | `true` | no |
+| <a name="input_rate_limit_requests"></a> [rate\_limit\_requests](#input\_rate\_limit\_requests) | Rate limit requests | `number` | `0` | no |
 | <a name="input_replicas"></a> [replicas](#input\_replicas) | Replicas | `number` | `1` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets | `map(string)` | `{}` | no |
 

diff --git a/terraform/modules/sql/helm_releases.tf b/terraform/modules/sql/helm_releases.tf
@@ -14,6 +14,9 @@ resource "helm_release" "sql" {
       metrics: ${var.node_ports.1}
     ingress:
       host: ${var.ingress_host}
+%{if var.rate_limit_requests > 0}
+      rateLimitRequests: ${var.rate_limit_requests}
+%{endif}
     prometheus:
       enabled: ${var.prometheus_enabled}
       groupName: ${var.feature == "mysql" ? "MySQL" : title(var.feature)}

diff --git a/terraform/modules/sql/variables.tf b/terraform/modules/sql/variables.tf
@@ -40,3 +40,9 @@ variable "prometheus_enabled" {
   default     = true
   description = "Enable Prometheus"
 }
+
+variable "rate_limit_requests" {
+  type        = number
+  default     = 0
+  description = "Rate limit requests"
+}