kafka: add kafka_connections_max_overrides
#4221
Conversation
jcsp
force-pushed
the
conn-limit-overrides
branch
from
3138a3b
to
0b0a153
Compare
| "Per-IP overrides of kafka connection count limit, list of " | ||
| "<ip>:<count> strings", | ||
| {.needs_restart = needs_restart::no, | ||
| .example = R"(['127.0.0.1:90', '50.20.1.1:40'])", |
There was a problem hiding this comment.
nit: this looks like <ip_address>:<port> at first. Maybe <ip_address>=<limit> would be better ?
There was a problem hiding this comment.
@VadimPlh I was doing this symmetrically with the connection rate limiting config, what do you think about changing both of them to use "=" before we release?
There was a problem hiding this comment.
I did it similar with kafka. As I remember they use ':'
There was a problem hiding this comment.
I think I'm inclined to stick with : here, partly because of kafka, but mainly because it looks more "normal" in a YAML file where that's the usual character for key-value associations.
This enables the adminstrator to set individual per-IP limits on connection count.
jcsp
force-pushed
the
conn-limit-overrides
branch
from
0b0a153
to
78726c0
Compare
|
No changes, just rebased to re-test on top of the various changes from the last week or so. This should be good to go. |
Cover letter
This is followup to where
kafka_connections_maxandkafka_connections_max_per_ipwere added. This change adds an "overrides" config property that lets the user target particular client addresses for special treatment.This can be used as a field-expedient firewall, or for environments where certain hosts are known to run large numbers of clients.
Release notes
Features
kafka_connections_max_overridesis added, enabling setting connection count limits on individual client IPs.