Distributed rate limiting
This page explains how to configure and enable distributed rate limiting in Traefik Hub.
Introduction¶
Traefik Hub uses Redis (Remote Dictionary Server) as key-value store to store and share rate limit counters and data across all Traefik Hub agents.
The following Redis modes are supported:
- Single instance mode
- Redis Cluster
- Redis Sentinel
For more information about Redis, we recommend the official Redis documentation.
Before you begin¶
Before getting started, make sure to read our API rate limiting overview docs to learn about rate limiting with Traefik Hub.
Values¶
You need to adjust the default Traefik Hub agent configuration by adding the values needed for distributed rate limiting.
| Value | Description | Required |
|---|---|---|
endpoints |
Endpoints of the Redis instances to connect to (example: redis.traefik-hub.svc.cluster.local:6379) |
Yes |
username |
Username used for authentication | No |
password |
Password used for authentication | No |
database |
Database to use (default: 0) |
No |
cluster |
Enable Redis Cluster | No |
tls.caBundle |
Custom CA bundle | No |
tls.cert |
TLS certificate | No |
tls.key |
TLS key | No |
tls.insecureSkipVerify |
Skip TLS verifications | No |
sentinel.masterSet |
Name of the set of main nodes to use for main selection. Required when using Sentinel. | No |
sentinel.username |
Username to use for sentinel authentication (can be different from username) |
No |
sentinel.password |
Password to use for sentinel authentication (can be different from password) |
No |
If you use Redis in single instance mode or Redis Sentinel, you can configure the database field.
This value won't be taken into account if you use Redis Cluster (only database 0 is available).
In this case, a warning is displayed, and the value is ignored.
Adjust the configuration¶
If you don't have it already, save the default Traefik Hub configuration.
helm show values traefik/traefik-hub > values.yamlExamples
Second, adjust the values.yaml file by adding the configuration for distributed rate limiting to the additionalArguments part of the file.
additionalArguments:
# Redis single instance mode
- --hub.rateLimit.redis.endpoints=redis-headless.traefik-hub.svc.cluster.local:6379
- --hub.rateLimit.redis.password=$(PASSWORD)
additionalEnvVars:
# Redis in single instance mode
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis
key: redis-password
service:
type: LoadBalanceradditionalArguments:
# Redis Cluster
- --hub.rateLimit.redis.cluster=true
- --hub.rateLimit.redis.endpoints=redis-cluster.traefik-hub.svc.cluster.local:6379
- --hub.rateLimit.redis.password=$(CLUSTER_PASSWORD)
additionalEnvVars:
# Redis Cluster
- name: CLUSTER_PASSWORD
valueFrom:
secretKeyRef:
name: redis-cluster
key: redis-password
service:
type: LoadBalanceradditionalArguments:
# Redis Sentinel
- --hub.rateLimit.redis.endpoints=redis-sentinel.traefik-hub.svc.cluster.local:26379
- --hub.rateLimit.redis.password=$(SENTINEL_PASSWORD)
- --hub.rateLimit.redis.sentinel.password=$(SENTINEL_PASSWORD)
- --hub.rateLimit.redis.sentinel.masterSet=mymaster
additionalEnvVars:
# Redis Sentinel
- name: SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: redis-sentinel
key: redis-password
service:
type: LoadBalancer
All configuration settings
Please see the configuration options above for an overview about all possible values.
Deploy your custom settings¶
Once the configuration is adjusted, use Helm to (re)deploy the Traefik Hub agent with the new values to enable distributed rate limiting.
helm upgrade --install --namespace traefik-hub traefik-hub traefik/traefik-hub \
--values values.yamlWhat's next¶
- Check out the CRD reference about rate limiting