Distributed Rate Limiting

TraefikEE supports distributed rate limiting. It's a middleware just like Traefik's rate limiting middleware, but it ensures that requests are limited over time throughout your cluster and not just on an individual proxy.

Configuration Example

To use distributed rate limiting, you'll need to deploy a service with the middleware enabled. Here are some examples depending on the provider you're using:

# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
  - "traefik.http.middlewares.test-ratelimit.plugin.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.plugin.ratelimit.burst=50"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  plugin:
    rateLimit:
      average: 100
      burst: 50
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
  [http.middlewares.test-ratelimit.plugin.rateLimit]
    average = 100
    burst = 50
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
http:
  middlewares:
    test-ratelimit:
      plugin:
        rateLimit:
          average: 100
          burst: 50

Configuration Options

For more information on the different configuration possibilities (average, burst, sourceCriterion etc.), refer to the Traefik Reference.

Migrating from Traefik

If a Traefik configuration for the rate limit middleware exists, it can adapted for TraefikEE simply by using plugin.rateLimit instead of rateLimit. See the examples above for the different providers.

A Traefik middleware configuration can be kept, which will run the non-distributed version of the middleware on each proxy. This means the limiting is per-proxy and not throughout the entire cluster, so be careful.