-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kafka: add kafka_connections_max_overrides
#4221
Conversation
3138a3b
to
0b0a153
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks ok to me
"Per-IP overrides of kafka connection count limit, list of " | ||
"<ip>:<count> strings", | ||
{.needs_restart = needs_restart::no, | ||
.example = R"(['127.0.0.1:90', '50.20.1.1:40'])", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: this looks like <ip_address>:<port>
at first. Maybe <ip_address>=<limit>
would be better ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@VadimPlh I was doing this symmetrically with the connection rate limiting config, what do you think about changing both of them to use "=" before we release?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did it similar with kafka. As I remember they use ':'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I'm inclined to stick with :
here, partly because of kafka, but mainly because it looks more "normal" in a YAML file where that's the usual character for key-value associations.
This enables the adminstrator to set individual per-IP limits on connection count.
0b0a153
to
78726c0
Compare
No changes, just rebased to re-test on top of the various changes from the last week or so. This should be good to go. |
Cover letter
This is followup to where
kafka_connections_max
andkafka_connections_max_per_ip
were added. This change adds an "overrides" config property that lets the user target particular client addresses for special treatment.This can be used as a field-expedient firewall, or for environments where certain hosts are known to run large numbers of clients.
Release notes
Features
kafka_connections_max_overrides
is added, enabling setting connection count limits on individual client IPs.