Page MenuHomePhabricator
Create Task
Maniphest T362310

Implement global ratelimiting in our service mesh
Closed, ResolvedPublic
Actions

Description

To curb the load on mw-api-int caused by the search update pipeline's fetch operator, search would like a global rate limit (not one per worker as that leads to long tails and unused "quota").

Rate-limiting is a long-wanted feature for the MW API (internal) anyways, see T248543. Service/Ops is willing to discuss implementing it the envoy-way: Envoy supports local and remote/distributed rate limits, as described here. The least invasive approach to test this would be the following:

  • set up an envoy rate-limit service (backed by redis)
  • configure the client-side sidecar envoys to use that rate-limit service

This avoids unnecessary network traffic leaving the pod.

With that setup/configuration in place, the fetch operator must handle HTTP 429 responses gracefully, by retrying, but with a shorter, non-growing delay unlike regular retries.

api-gateway already uses a combination of ratelimit (the standard implementation for global rate limiting from envoy) and redis-misc (via nutcracker). In that setup, ratelimit is running as a sidecar alongside the api-gateway envoy.

For the mesh ratelimit, we decided to provide a central ratelimit service via it's own chart and deployment that can be used by all service mesh envoys and may hold multiple rate limit configurations (domains) for different use-cases. The initial rate limit configuration should allow 1k/rps per user-agent as that is easy enough to distinguish and we encourage mw-api client to properly identify themselves anyways.

For this MVP implementation the mesh "clients" should be able to opt-in to being rate limited via configuration values, the proposed implementation/configuration structure can be found at https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/1028558

There also is an initial dashboard available showing the metrics the ratelimit service exposes (via the statsd exporter, as it does not support native prometheus metrics): https://grafana.wikimedia.org/d/bf921591-bd2b-4a87-ae20-7cc6f227e58a/jayme-ratelimit

I tried to condense the above into https://wikitech.wikimedia.org/wiki/Ratelimit

Details

SubjectRepoBranchLines +/-
Search update pipeline: reduce client-side rate-limitoperations/deployment-chartsmaster+4 -0
CHANGELOG for configuration 1.8.0operations/deployment-chartsmaster+3 -0
Search update pipeline: use rate-limited HTTP clientoperations/deployment-chartsmaster+1 -1
Search update pipeline: retry 429s at HTTP client leveloperations/deployment-chartsmaster+1 -1
Search update pipeline: use dedicated user agentsoperations/deployment-chartsmaster+5 -0
Search update pipeline: enable rate limitingoperations/deployment-chartsmaster+3 -0
prometheus::k8s: Keep envoy ratelimit metricsoperations/puppetproduction+1 -1
ratelimit: Increase CPU limit and set GOMAXPROCS everywhereoperations/deployment-chartsmaster+6 -6
ratelimit: Use LOG_LEVEL warn by defaultoperations/deployment-chartsmaster+12 -2
flink-app: Update various modulesoperations/deployment-chartsmaster+286 -128
ratelimit: Allow ingress on the HTTP port for easier testingoperations/deployment-chartsmaster+3 -1
ratelimit: Ensure LOCAL_CACHE_SIZE_IN_BYTES is not convertedoperations/deployment-chartsmaster+2 -2
ratelimit: Don't deploy latestoperations/deployment-chartsmaster+1 -0
Don't deploy istio certificate for the ratelimit serviceoperations/deployment-chartsmaster+2 -1
Create ratelimit namespace and releasesoperations/deployment-chartsmaster+103 -0
Add ratelimit user to the wikikube/main clustersoperations/puppetproduction+4 -0
mesh: Update mesh.name dependency to mesh.configuration:1.8operations/deployment-chartsmaster+2 -2
mesh: publish mesh.configuration 1.8operations/deployment-chartsmaster+9 -0
mesh.configuration: Add support for rate limitingoperations/deployment-chartsmaster+115 -30
Add new mesh.configuration versionoperations/deployment-chartsmaster+610 -0
Add new chart: ratelimitoperations/deployment-chartsmaster+358 -426
New chart from scaffold: ratelimitoperations/deployment-chartsmaster+1 K -0
mesh.configuration: Add support for rate limitingoperations/deployment-chartsmaster+115 -30
ratelimit: Add CertProvider to hot reload TLS certs for gRPC serviceoperations/docker-images/production-imagesmaster+8 -1
Add CertProvider to hot reload TLS certs for gRPC serviceoperations/software/envoyproxy/ratelimitermaster+136 -22
Make base.certificates compatible with chart modules and scaffoldoperations/deployment-chartsmaster+52 -30
New version of base.certificates moduleoperations/deployment-chartsmaster+41 -0
ratelimit: Update ratelimit service to git 3fcc360operations/docker-images/production-imagesmaster+14 -7
Show related patches Customize query in gerrit
TitleReferenceAuthorSource BranchDest Branch
Use distinct HTTP user-agentrepos/search-platform/cirrus-streaming-updater!127pfischerdedicated-user-agentmain
Customize query in GitLab

Related Objects

Event Timeline

pfischer created this task.Apr 11 2024, 9:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 11 2024, 9:40 AM
pfischer renamed this task from SUP rate limits for fetch to SUP rate-limit fetch.Apr 11 2024, 10:16 AM
pfischer updated the task description. (Show Details)
Gehel triaged this task as High priority.Apr 15 2024, 1:14 PM
Gehel moved this task from needs triage to Current work on the Discovery-Search board.
Gehel edited projects, added Discovery-Search (Current work); removed Discovery-Search.
TJones updated the task description. (Show Details)Apr 15 2024, 3:47 PM
pfischer changed the task status from Open to Stalled.Apr 18 2024, 4:02 PM
pfischer moved this task from Incoming to Blocked/Waiting on the Discovery-Search (Current work) board.
pfischer added a subscriber: JMeybohm.

I brought up this discussion with @JMeybohm and as it turns out, rate-limiting is a long-wanted feature for the MW API anyways, see T248543. Service/Ops is willing to discuss implementing it the envoy-way: Envoy supports local and remote/distributed rate limits, as described here. The least invasive approach to test this would be the following:

  • set up an envoy rate-limit service (backed by redis)
  • configure the client-side sidecar envoys to use that rate-limit service

This avoids unnecessary network traffic leaving the pod.

With that setup/configuration in place, the fetch operator must handle HTTP 429 responses gracefully, by retrying, but with a shorter, non-growing delay unlike regular retries.

JMeybohm added a project: serviceops-radar.Apr 19 2024, 8:33 AM
pfischer changed the task status from Stalled to In Progress.May 2 2024, 12:46 PM
pfischer moved this task from Blocked/Waiting to In Progress on the Discovery-Search (Current work) board.
gerritbot added a comment.May 2 2024, 1:40 PM

Change #1026563 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] New chart from scaffold: ratelimit

https://gerrit.wikimedia.org/r/1026563

gerritbot added a project: Patch-For-Review.May 2 2024, 1:40 PM

Change #1026564 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Add new chart: ratelimit

https://gerrit.wikimedia.org/r/1026564

gerritbot added a comment.May 3 2024, 11:13 AM

Change #1026859 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] New version of base.certificates module

https://gerrit.wikimedia.org/r/1026859

gerritbot added a comment.May 3 2024, 11:13 AM

Change #1026860 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Make base.certificates compatible with chart modules and scaffold

https://gerrit.wikimedia.org/r/1026860

gerritbot added a comment.May 6 2024, 3:37 PM

Change #1028532 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/docker-images/production-images@master] ratelimit: Update ratelimit service to git 3fcc360

https://gerrit.wikimedia.org/r/1028532

gerritbot added a comment.May 6 2024, 4:59 PM

Change #1028557 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Add new mesh.configuration version

https://gerrit.wikimedia.org/r/1028557

gerritbot added a comment.May 6 2024, 4:59 PM

Change #1028558 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] mesh.configuration: Add support for rate limiting

https://gerrit.wikimedia.org/r/1028558

gerritbot added a comment.May 7 2024, 9:54 AM

Change #1028532 merged by JMeybohm:

[operations/docker-images/production-images@master] ratelimit: Update ratelimit service to git 3fcc360

https://gerrit.wikimedia.org/r/1028532

gerritbot added a comment.May 7 2024, 3:02 PM

Change #1026859 merged by jenkins-bot:

[operations/deployment-charts@master] New version of base.certificates module

https://gerrit.wikimedia.org/r/1026859

gerritbot added a comment.May 7 2024, 3:02 PM

Change #1026860 merged by jenkins-bot:

[operations/deployment-charts@master] Make base.certificates compatible with chart modules and scaffold

https://gerrit.wikimedia.org/r/1026860

bking subscribed.May 8 2024, 2:16 PM
gerritbot added a comment.May 8 2024, 2:38 PM

Change #1029205 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/software/envoyproxy/ratelimiter@master] Add CertProvider to hot reload TLS certs for gRPC service

https://gerrit.wikimedia.org/r/1029205

JMeybohm renamed this task from SUP rate-limit fetch to Implement global ratelimiting in our service mesh.May 8 2024, 4:20 PM
JMeybohm claimed this task.
JMeybohm edited projects, added serviceops; removed serviceops-radar.
JMeybohm updated the task description. (Show Details)
JMeybohm added subscribers: hnowlan, akosiaris.
CodeReviewBot added a comment.May 13 2024, 3:54 PM

pfischer opened https://gitlab.wikimedia.org/repos/search-platform/cirrus-streaming-updater/-/merge_requests/127

Use distinct HTTP user-agent

gerritbot added a comment.May 16 2024, 7:05 AM

Change #1029205 merged by JMeybohm:

[operations/software/envoyproxy/ratelimiter@master] Add CertProvider to hot reload TLS certs for gRPC service

https://gerrit.wikimedia.org/r/1029205

JMeybohm mentioned this in rOSERfc2df91ff321: Add CertProvider to hot reload TLS certs for gRPC service.May 16 2024, 7:06 AM
gerritbot added a comment.May 16 2024, 7:17 AM

Change #1032293 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/docker-images/production-images@master] ratelimit: Add CertProvider to hot reload TLS certs for gRPC service

https://gerrit.wikimedia.org/r/1032293

gerritbot added a comment.May 16 2024, 7:19 AM

Change #1032293 merged by JMeybohm:

[operations/docker-images/production-images@master] ratelimit: Add CertProvider to hot reload TLS certs for gRPC service

https://gerrit.wikimedia.org/r/1032293

JMeybohm added a comment.May 16 2024, 7:46 AM

Successfully published image docker-registry.discovery.wmnet/ratelimit:9.0.2-20240503.3fcc360, supporting hot reload of gRPC certs. This should unblock deploying the ratelimit service.

gerritbot added a comment.May 22 2024, 12:05 PM

Change #1034896 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] mesh.configuration: Add support for rate limiting

https://gerrit.wikimedia.org/r/1034896

gerritbot added a comment.May 22 2024, 12:07 PM

Change #1034896 abandoned by JMeybohm:

[operations/deployment-charts@master] mesh.configuration: Add support for rate limiting

Reason:

Messed up rebase

https://gerrit.wikimedia.org/r/1034896

gerritbot added a comment.May 22 2024, 3:20 PM

Change #1026563 merged by JMeybohm:

[operations/deployment-charts@master] New chart from scaffold: ratelimit

https://gerrit.wikimedia.org/r/1026563

gerritbot added a comment.May 22 2024, 3:20 PM

Change #1026564 merged by JMeybohm:

[operations/deployment-charts@master] Add new chart: ratelimit

https://gerrit.wikimedia.org/r/1026564

gerritbot added a comment.May 22 2024, 4:01 PM

Change #1028557 merged by jenkins-bot:

[operations/deployment-charts@master] Add new mesh.configuration version

https://gerrit.wikimedia.org/r/1028557

gerritbot added a comment.May 22 2024, 4:01 PM

Change #1028558 merged by jenkins-bot:

[operations/deployment-charts@master] mesh.configuration: Add support for rate limiting

https://gerrit.wikimedia.org/r/1028558

gerritbot added a comment.Jun 6 2024, 9:33 AM

Change #1039626 had a related patch set uploaded (by Hnowlan; author: Hnowlan):

[operations/deployment-charts@master] mesh: publish mesh.configuration 1.8

https://gerrit.wikimedia.org/r/1039626

gerritbot added a comment.Jun 6 2024, 12:33 PM

Change #1039626 merged by jenkins-bot:

[operations/deployment-charts@master] mesh: publish mesh.configuration 1.8

https://gerrit.wikimedia.org/r/1039626

gerritbot added a comment.Jun 6 2024, 1:52 PM

Change #1039726 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] mesh: Update mesh.name dependency to mesh.configuration:1.8

https://gerrit.wikimedia.org/r/1039726

gerritbot added a comment.Jun 6 2024, 2:00 PM

Change #1039726 merged by jenkins-bot:

[operations/deployment-charts@master] mesh: Update mesh.name dependency to mesh.configuration:1.8

https://gerrit.wikimedia.org/r/1039726

gerritbot added a comment.Jun 7 2024, 6:40 AM

Change #1039727 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] flink-app: Update various modules

https://gerrit.wikimedia.org/r/1039727

gerritbot added a comment.Jun 7 2024, 7:48 AM

Change #1040060 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Add ratelimit user to the wikikube/main clusters

https://gerrit.wikimedia.org/r/1040060

gerritbot added a comment.Jun 7 2024, 8:14 AM

Change #1040086 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Create ratelimit namespace and releases

https://gerrit.wikimedia.org/r/1040086

gerritbot added a comment.Jun 7 2024, 8:38 AM

Change #1040060 merged by JMeybohm:

[operations/puppet@production] Add ratelimit user to the wikikube/main clusters

https://gerrit.wikimedia.org/r/1040060

gerritbot added a comment.Jun 7 2024, 8:42 AM

Change #1040086 merged by jenkins-bot:

[operations/deployment-charts@master] Create ratelimit namespace and releases

https://gerrit.wikimedia.org/r/1040086

gerritbot added a comment.Jun 7 2024, 9:06 AM

Change #1040096 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Don't deploy istio certificate for the ratelimit service

https://gerrit.wikimedia.org/r/1040096

gerritbot added a comment.Jun 7 2024, 9:19 AM

Change #1040096 merged by jenkins-bot:

[operations/deployment-charts@master] Don't deploy istio certificate for the ratelimit service

https://gerrit.wikimedia.org/r/1040096

JMeybohm updated the task description. (Show Details)Jun 7 2024, 9:53 AM
gerritbot added a comment.Jun 7 2024, 9:58 AM

Change #1040105 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] ratelimit: Don't deploy latest

https://gerrit.wikimedia.org/r/1040105

gerritbot added a comment.Jun 7 2024, 10:21 AM

Change #1040105 merged by jenkins-bot:

[operations/deployment-charts@master] ratelimit: Don't deploy latest

https://gerrit.wikimedia.org/r/1040105

gerritbot added a comment.Jun 7 2024, 10:27 AM

Change #1040114 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] ratelimit: Ensure LOCAL_CACHE_SIZE_IN_BYTES is not converted

https://gerrit.wikimedia.org/r/1040114

gerritbot added a comment.Jun 7 2024, 10:31 AM

Change #1040114 merged by jenkins-bot:

[operations/deployment-charts@master] ratelimit: Ensure LOCAL_CACHE_SIZE_IN_BYTES is not converted

https://gerrit.wikimedia.org/r/1040114

gerritbot added a comment.Jun 7 2024, 11:51 AM

Change #1040138 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] ratelimit: Allow ingress on the HTTP port for easier testing

https://gerrit.wikimedia.org/r/1040138

gerritbot added a comment.Jun 7 2024, 11:59 AM

Change #1039727 merged by jenkins-bot:

[operations/deployment-charts@master] flink-app: Update various modules

https://gerrit.wikimedia.org/r/1039727

JMeybohm added a subscriber: dcausse.Jun 7 2024, 12:12 PM

The ratelimit service has been deployed to staging and prod wikikube clusters.
What's left to be done is to configure cirrus-streaming-updater to use it (see https://wikitech.wikimedia.org/wiki/Ratelimit#Enable/opt_in_to_rate_limiting). From all the values files I'm not sure which components (all?) should be rate limited, so I'd like to leave that change to you @pfischer / @bking / @dcausse. Feel free to send it my way for review/sync with me for the deployment so we can verify everything works as expected.

gerritbot added a comment.Jun 7 2024, 3:54 PM

Change #1040211 had a related patch set uploaded (by Peter Fischer; author: Peter Fischer):

[operations/deployment-charts@master] Search update pipeline: enable rate limiting

https://gerrit.wikimedia.org/r/1040211

CodeReviewBot added a comment.Jun 11 2024, 3:40 PM

pfischer closed https://gitlab.wikimedia.org/repos/search-platform/cirrus-streaming-updater/-/merge_requests/127

Use distinct HTTP user-agent

gerritbot added a comment.Jun 13 2024, 12:12 PM

Change #1040211 merged by jenkins-bot:

[operations/deployment-charts@master] Search update pipeline: enable rate limiting

https://gerrit.wikimedia.org/r/1040211

gerritbot added a comment.Jun 13 2024, 1:11 PM

Change #1043059 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] ratelimit: Use LOG_LEVEL warn by default

https://gerrit.wikimedia.org/r/1043059

gerritbot added a comment.Jun 13 2024, 2:01 PM

Change #1043059 merged by jenkins-bot:

[operations/deployment-charts@master] ratelimit: Use LOG_LEVEL warn by default

https://gerrit.wikimedia.org/r/1043059

gerritbot added a comment.Jun 13 2024, 3:30 PM

Change #1043125 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] ratelimit: Increase CPU limit and set GOMAXPROCS everywhere

https://gerrit.wikimedia.org/r/1043125

gerritbot added a comment.Jun 13 2024, 3:33 PM

Change #1043125 merged by jenkins-bot:

[operations/deployment-charts@master] ratelimit: Increase CPU limit and set GOMAXPROCS everywhere

https://gerrit.wikimedia.org/r/1043125

gerritbot added a comment.Jun 14 2024, 9:26 AM

Change #1043667 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] prometheus::k8s: Keep envoy ratelimit metrics

https://gerrit.wikimedia.org/r/1043667

gerritbot added a comment.Jun 14 2024, 12:53 PM

Change #1043667 merged by JMeybohm:

[operations/puppet@production] prometheus::k8s: Keep envoy ratelimit metrics

https://gerrit.wikimedia.org/r/1043667

gerritbot added a comment.Jun 17 2024, 7:55 AM

Change #1046591 had a related patch set uploaded (by Peter Fischer; author: Peter Fischer):

[operations/deployment-charts@master] Search update pipeline: use dedicated user agents

https://gerrit.wikimedia.org/r/1046591

gerritbot added a comment.Jun 17 2024, 3:20 PM

Change #1046591 merged by jenkins-bot:

[operations/deployment-charts@master] Search update pipeline: use dedicated user agents

https://gerrit.wikimedia.org/r/1046591

gerritbot added a comment.Jun 19 2024, 2:55 PM

Change #1047538 had a related patch set uploaded (by Peter Fischer; author: Peter Fischer):

[operations/deployment-charts@master] Search update pipeline: retry 429s at HTTP client level

https://gerrit.wikimedia.org/r/1047538

gerritbot added a comment.Jun 19 2024, 2:56 PM

Change #1047538 merged by jenkins-bot:

[operations/deployment-charts@master] Search update pipeline: retry 429s at HTTP client level

https://gerrit.wikimedia.org/r/1047538

gerritbot added a comment.Jun 20 2024, 8:59 PM

Change #1048083 had a related patch set uploaded (by Peter Fischer; author: Peter Fischer):

[operations/deployment-charts@master] Search update pipeline: use rate-limited HTTP client

https://gerrit.wikimedia.org/r/1048083

gerritbot added a comment.Jun 20 2024, 9:02 PM

Change #1048083 merged by jenkins-bot:

[operations/deployment-charts@master] Search update pipeline: use rate-limited HTTP client

https://gerrit.wikimedia.org/r/1048083

JMeybohm closed this task as Resolved.Jun 24 2024, 12:15 PM

I'd say that from our end this is done. Feel free to reopen if you feel like something is missing

gerritbot added a comment.Tue, Jul 2, 1:23 PM

Change #1051358 had a related patch set uploaded (by Peter Fischer; author: Peter Fischer):

[operations/deployment-charts@master] Search update pipeline: reduce client-side rate-limit

https://gerrit.wikimedia.org/r/1051358

gerritbot added a comment.Tue, Jul 2, 4:07 PM

Change #1051412 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] CHANGELOG for configuration 1.8.0

https://gerrit.wikimedia.org/r/1051412

gerritbot added a comment.Wed, Jul 3, 1:01 PM

Change #1051412 merged by jenkins-bot:

[operations/deployment-charts@master] CHANGELOG for configuration 1.8.0

https://gerrit.wikimedia.org/r/1051412

gerritbot added a comment.Mon, Jul 8, 2:38 PM

Change #1051358 merged by jenkins-bot:

[operations/deployment-charts@master] Search update pipeline: reduce client-side rate-limit

https://gerrit.wikimedia.org/r/1051358

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits