How to set up rate limiting for Kubernetes admission controllers?

9/20/2021

A Kubernetes admission controller rejects requests that do not pass webhook checks, so it is technically a rate limiter itself.

When deploying to a high-traffic cluster, is there a way to rate limit the requests sent to the admission controller? For example, with rate limiting of 100 requests per second, the admission controller will auto-reject all further requests after the initial 100 requests.

-- jtee
kubernetes

1 Answer

9/20/2021

You can try to leverage the EventRateLimit plugin for the admission controller where the controller tried to enforce a limit on the number of event requests that the API Server will accept in a given time slice. Below are some reference docs.

https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/admission_control_event_rate_limit.md

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#eventratelimit

-- Chandra Sekar
Source: StackOverflow