Page MenuHomePhabricator
Create Task
Maniphest T402914

Set up a rest-gateway deployment for rate limiting testing
Closed, DeclinedPublic
Actions

Description

We need to figure out how to enable testing rate-limiting at the rest-gateway level without disrupting work on T400130: Central REST gateway for APIs

  • Update api-gateway helm chart to support the rate-limiting configuration on both api and rest gateways (sidecar deployment of the ratelimit service)
  • Add rate-limiting configuration to the rest-gateway staging deployment
  • Stand up a ganeti VM for the redis backend

Once internal testing is done, and all production traffic goes through T400130: Central REST gateway for APIs, a possible route for production integration would be to enable this same rate-limiting set up in production, configure it to use shadow mode (no actual rate-limiting, just log what would be done), and see how it reacts.

Related Objects
Search...

Event Timeline

Clement_Goubert created this task.Aug 26 2025, 11:41 AM
daniel mentioned this in T398919: Epic: API rate limiting dry run (WE5.1.3b).Aug 29 2025, 12:32 PM
daniel added a comment.Sep 3 2025, 9:05 AM

There's different setups I would want to test here, but considering that we will be using an Evnoy version less than 1.33 for a while, I propose we test a simple baseline first:

Envoy 1.26 (or whatever) with a central Redis instance, like we have in the Gateway for api.wikimedia.org. We could set that up to handle all API routes, but it doesn't really matter - for preliminary testing, we should use a dummy mackend anyway (e.g. an enginx container that serves static content) and map all routes to that.

In the initial rount, I'd want to test:

  • Identifying the user based on the CentralAuth cookie (not secure, but good enough for testing)
  • Hitting the endpoint with a lot of synthetic traffic (Locust?) to see how Redis holds up to 100k writes/sec
Clement_Goubert changed the task status from Open to In Progress.Sep 10 2025, 10:17 AM
Clement_Goubert claimed this task.
Clement_Goubert triaged this task as High priority.
Clement_Goubert updated the task description. (Show Details)
gerritbot added a comment.Sep 10 2025, 11:13 AM

Change #1186954 had a related patch set uploaded (by Clément Goubert; author: Clément Goubert):

[operations/deployment-charts@master] api-gateway: Generalize ratelimit configuration

https://gerrit.wikimedia.org/r/1186954

gerritbot added a project: Patch-For-Review.Sep 10 2025, 11:13 AM
JTweed-WMF moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.Sep 15 2025, 2:54 PM
daniel closed this task as Declined.Oct 30 2025, 5:41 PM

No longer needed, we successfully tested on the staging cluster, see T406490

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits