Distributed Rate Limit
Enable distributed rate limiting in Traefik Hub.
Introduction
Traefik Hub uses Redis (Remote Dictionary Server) to store rate limit information across all Traefik Hub agents.
Connection parameters to your Redis server are attached to your Traefik Hub deployment.
The following Redis modes are supported:
- Single instance mode
- Redis Cluster
- Redis Sentinel
For more information about Redis, we recommend the official Redis documentation.
Available Configuration Options
The table below lists the configuration options in Traefik Hub to connect to Redis and store rate limit information.
| Value | Description | Required |
|---|---|---|
endpoints | Endpoints of the Redis instances to connect to (example: redis.traefik-hub.svc.cluster.local:6379) | Yes |
username | The username Traefik Hub will use to connect to Redis | No |
password | The password Traefik Hub will use to connect to Redis | No |
database | The database Traefik Hub will use to sore information (default: 0) | No |
cluster | Enable Redis Cluster | No |
tls.caBundle | Custom CA bundle | No |
tls.cert | TLS certificate | No |
tls.key | TLS key | No |
tls.insecureSkipVerify | Allow skipping the TLS verification | No |
sentinel.masterSet | Name of the set of main nodes to use for main selection. Required when using Sentinel. | No |
sentinel.username | Username to use for sentinel authentication (can be different from username) | No |
sentinel.password | Password to use for sentinel authentication (can be different from password) | No |
If you use Redis in single instance mode or Redis Sentinel, you can configure the database field.
This value won't be taken into account if you use Redis Cluster (only database 0 is available).
In this case, a warning is displayed, and the value is ignored.
Adjust Traefik Hub's Configuration
First, save the default Traefik Hub configuration to a values.yaml file.
helm show values traefik/traefik-hub > values.yaml
Second, adjust the values.yaml file by adding the configuration for distributed rate limiting to the additionalArguments part.
- Redis single instance
- Redis Cluster
- Redis Sentinel
additionalArguments:
# Redis single instance mode
- --hub.rateLimit.redis.endpoints=redis-headless.traefik-hub.svc.cluster.local:6379
- --hub.rateLimit.redis.password=$(PASSWORD)
additionalEnvVars:
# Redis in single instance mode
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis
key: redis-password
service:
type: LoadBalancer
additionalArguments:
# Redis Cluster
- --hub.rateLimit.redis.cluster=true
- --hub.rateLimit.redis.endpoints=redis-cluster.traefik-hub.svc.cluster.local:6379
- --hub.rateLimit.redis.password=$(CLUSTER_PASSWORD)
additionalEnvVars:
# Redis Cluster
- name: CLUSTER_PASSWORD
valueFrom:
secretKeyRef:
name: redis-cluster
key: redis-password
service:
type: LoadBalancer
additionalArguments:
# Redis Sentinel
- --hub.rateLimit.redis.endpoints=redis-sentinel.traefik-hub.svc.cluster.local:26379
- --hub.rateLimit.redis.password=$(SENTINEL_PASSWORD)
- --hub.rateLimit.redis.sentinel.password=$(SENTINEL_PASSWORD)
- --hub.rateLimit.redis.sentinel.masterSet=mymaster
additionalEnvVars:
# Redis Sentinel
- name: SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: redis-sentinel
key: redis-password
service:
type: LoadBalancer
Please see the configuration options above for an overview about all possible values.
Deploy Your Custom Configuration
Once the configuration is adjusted, use Helm to (re)deploy the Traefik Hub agent with the new values to enable distributed rate limiting.
helm upgrade --install --namespace traefik-hub traefik-hub traefik/traefik-hub \
--values values.yaml