Add Redis rate limiter

2025-03-10 17:02:05 +07:00 · 2025-03-10 17:02:05 +07:00 · 550d96ea67
commit 550d96ea67
parent c166a41c99
26 changed files with 2268 additions and 69 deletions
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@ -7,6 +7,7 @@ import (

 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/ip"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 // ForwardAuthDefaultMaxBodySize is the ForwardAuth.MaxBodySize option default value.
@ -566,6 +567,10 @@ type RateLimit struct {
 	// If several strategies are defined at the same time, an error will be raised.
 	// If none are set, the default is to use the request's remote address field (as an ipStrategy).
 	SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
+
+	// Redis stores the configuration for using Redis as a bucket in the rate-limiting algorithm.
+	// If not specified, Traefik will default to an in-memory bucket for the algorithm.
+	Redis *Redis `json:"redis,omitempty" toml:"redis,omitempty" yaml:"redis,omitempty" export:"true"`
 }

 // SetDefaults sets the default values on a RateLimit.
@ -576,6 +581,58 @@ func (r *RateLimit) SetDefaults() {

 // +k8s:deepcopy-gen=true

+// Redis holds the Redis configuration.
+type Redis struct {
+	// Endpoints contains either a single address or a seed list of host:port addresses.
+	// Default value is ["localhost:6379"].
+	Endpoints []string `json:"endpoints,omitempty" toml:"endpoints,omitempty" yaml:"endpoints,omitempty"`
+	// TLS defines TLS-specific configurations, including the CA, certificate, and key,
+	// which can be provided as a file path or file content.
+	TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
+	// Username defines the username to connect to the Redis server.
+	Username string `json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
+	// Password defines the password to connect to the Redis server.
+	Password string `json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
+	// DB defines the Redis database that will be selected after connecting to the server.
+	DB int `json:"db,omitempty" toml:"db,omitempty" yaml:"db,omitempty"`
+	// PoolSize defines the initial number of socket connections.
+	// If the pool runs out of available connections, additional ones will be created beyond PoolSize.
+	// This can be limited using MaxActiveConns.
+	// Default value is 0, meaning 10 connections per every available CPU as reported by runtime.GOMAXPROCS.
+	PoolSize int `json:"poolSize,omitempty" toml:"poolSize,omitempty" yaml:"poolSize,omitempty" export:"true"`
+	// MinIdleConns defines the minimum number of idle connections.
+	// Default value is 0, and idle connections are not closed by default.
+	MinIdleConns int `json:"minIdleConns,omitempty" toml:"minIdleConns,omitempty" yaml:"minIdleConns,omitempty" export:"true"`
+	// MaxActiveConns defines the maximum number of connections allocated by the pool at a given time.
+	// Default value is 0, meaning there is no limit.
+	MaxActiveConns int `json:"maxActiveConns,omitempty" toml:"maxActiveConns,omitempty" yaml:"maxActiveConns,omitempty" export:"true"`
+	// ReadTimeout defines the timeout for socket read operations.
+	// Default value is 3 seconds.
+	ReadTimeout *ptypes.Duration `json:"readTimeout,omitempty" toml:"readTimeout,omitempty" yaml:"readTimeout,omitempty" export:"true"`
+	// WriteTimeout defines the timeout for socket write operations.
+	// Default value is 3 seconds.
+	WriteTimeout *ptypes.Duration `json:"writeTimeout,omitempty" toml:"writeTimeout,omitempty" yaml:"writeTimeout,omitempty" export:"true"`
+	// DialTimeout sets the timeout for establishing new connections.
+	// Default value is 5 seconds.
+	DialTimeout *ptypes.Duration `json:"dialTimeout,omitempty" toml:"dialTimeout,omitempty" yaml:"dialTimeout,omitempty" export:"true"`
+}
+
+// SetDefaults sets the default values on a RateLimit.
+func (r *Redis) SetDefaults() {
+	r.Endpoints = []string{"localhost:6379"}
+
+	defaultReadTimeout := ptypes.Duration(3 * time.Second)
+	r.ReadTimeout = &defaultReadTimeout
+
+	defaultWriteTimeout := ptypes.Duration(3 * time.Second)
+	r.WriteTimeout = &defaultWriteTimeout
+
+	defaultDialTimeout := ptypes.Duration(5 * time.Second)
+	r.DialTimeout = &defaultDialTimeout
+}
+
+// +k8s:deepcopy-gen=true
+
 // RedirectRegex holds the redirect regex middleware configuration.
 // This middleware redirects a request using regex matching and replacement.
 // More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/redirectregex/#regex