github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

GCE provider: Rate limit all API calls

Browse Source 
Instead of just rate limits to operation polling, send all API calls
through a rate limited RoundTripper.

This isn't a perfect solution, since the QPS is obviously getting
split between different controllers, etc., but it's also spread across
different APIs, which, in practice, rate limit differently.

Fixes #26119 (hopefully)
This commit is contained in:
Zach Loafman 2016-05-23 23:23:53 -07:00
parent bf0a5e9fac
commit 9b5cdfb705
2 changed files with 65 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
pkg/cloudprovider/providers/gce/gce.go
View File

@ -76,16 +76,15 @@ const (
// GCECloud is an implementation of Interface, LoadBalancer and Instances for Google Compute Engine. // GCECloud is an implementation of Interface, LoadBalancer and Instances for Google Compute Engine.
type GCECloud struct { type GCECloud struct {
service *compute.Service service *compute.Service
containerService *container.Service containerService *container.Service
projectID string projectID string
region string region string
localZone string // The zone in which we are running localZone string // The zone in which we are running
managedZones []string // List of zones we are spanning (for Ubernetes-Lite, primarily when running on master) managedZones []string // List of zones we are spanning (for Ubernetes-Lite, primarily when running on master)
networkURL string networkURL string
nodeTags []string // List of tags to use on firewall rules for load balancers nodeTags []string // List of tags to use on firewall rules for load balancers
useMetadataServer bool useMetadataServer bool
operationPollRateLimiter flowcontrol.RateLimiter
} }
type Config struct { type Config struct {
@ -113,6 +112,16 @@ func (g *GCECloud) GetComputeService() *compute.Service {
return g.service return g.service
} }
type rateLimitedRoundTripper struct {
rt http.RoundTripper
limiter flowcontrol.RateLimiter
}
func (rl *rateLimitedRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
rl.limiter.Accept()
return rl.rt.RoundTrip(req)
}
func getProjectAndZone() (string, string, error) { func getProjectAndZone() (string, string, error) {
result, err := metadata.Get("instance/zone") result, err := metadata.Get("instance/zone")
if err != nil { if err != nil {
@ -283,6 +292,11 @@ func CreateGCECloud(projectID, region, zone string, managedZones []string, netwo
} }
client := oauth2.NewClient(oauth2.NoContext, tokenSource) client := oauth2.NewClient(oauth2.NoContext, tokenSource)
// Override the transport to make it rate-limited.
client.Transport = &rateLimitedRoundTripper{
rt: client.Transport,
limiter: flowcontrol.NewTokenBucketRateLimiter(10, 100), // 10 qps, 100 bucket size.
}
svc, err := compute.New(client) svc, err := compute.New(client)
if err != nil { if err != nil {
return nil, err return nil, err
@ -311,19 +325,16 @@ func CreateGCECloud(projectID, region, zone string, managedZones []string, netwo
glog.Infof("managing multiple zones: %v", managedZones) glog.Infof("managing multiple zones: %v", managedZones)
} }
operationPollRateLimiter := flowcontrol.NewTokenBucketRateLimiter(10, 100) // 10 qps, 100 bucket size.
return &GCECloud{ return &GCECloud{
service: svc, service: svc,
containerService: containerSvc, containerService: containerSvc,
projectID: projectID, projectID: projectID,
region: region, region: region,
localZone: zone, localZone: zone,
managedZones: managedZones, managedZones: managedZones,
networkURL: networkURL, networkURL: networkURL,
nodeTags: nodeTags, nodeTags: nodeTags,
useMetadataServer: useMetadataServer, useMetadataServer: useMetadataServer,
operationPollRateLimiter: operationPollRateLimiter,
}, nil }, nil
} }
@ -404,7 +415,6 @@ func (gce *GCECloud) waitForOp(op *compute.Operation, getOperation func(operatio
opName := op.Name opName := op.Name
return wait.Poll(operationPollInterval, operationPollTimeoutDuration, func() (bool, error) { return wait.Poll(operationPollInterval, operationPollTimeoutDuration, func() (bool, error) {
start := time.Now() start := time.Now()
gce.operationPollRateLimiter.Accept()
duration := time.Now().Sub(start) duration := time.Now().Sub(start)
if duration > 5*time.Second { if duration > 5*time.Second {
glog.Infof("pollOperation: waited %v for %v", duration, opName) glog.Infof("pollOperation: waited %v for %v", duration, opName)

32
pkg/cloudprovider/providers/gce/gce_test.go
View File

@ -17,11 +17,15 @@ limitations under the License.
package gce package gce
import ( import (
"net/http"
"net/http/httptest"
"reflect" "reflect"
"testing" "testing"
compute "google.golang.org/api/compute/v1" compute "google.golang.org/api/compute/v1"
"k8s.io/kubernetes/pkg/util/flowcontrol"
"k8s.io/kubernetes/pkg/util/rand" "k8s.io/kubernetes/pkg/util/rand"
utiltesting "k8s.io/kubernetes/pkg/util/testing"
) )
func TestGetRegion(t *testing.T) { func TestGetRegion(t *testing.T) {
@ -260,3 +264,31 @@ func TestComputeUpdate(t *testing.T) {
// } // }
} }
} }
func TestRateLimitedRoundTripper(t *testing.T) {
handler := utiltesting.FakeHandler{StatusCode: 200}
server := httptest.NewServer(&handler)
defer server.Close()
method := "GET"
path := "/foo/bar"
req, err := http.NewRequest(method, server.URL+path, nil)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
// TODO(zmerlynn): Validate the rate limiter is actually getting called.
client := http.Client{
Transport: &rateLimitedRoundTripper{
rt: http.DefaultTransport,
limiter: flowcontrol.NewFakeAlwaysRateLimiter(),
},
}
_, err = client.Do(req)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
handler.ValidateRequest(t, path, method, nil)
}