Add runner jobs API rate limit
What does this MR do and why?
This MR implements an API rate limit on /jobs/* endpoints.
Changelog: added
Note: I based myself on previous MRs that implemented API limits, such as !152733 (merged)
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/462537+
- https://docs.gitlab.com/development/merge_request_concepts/rate_limits/
- https://handbook.gitlab.com/handbook/product/product-processes/#introducing-application-limits
- https://handbook.gitlab.com/handbook/engineering/infrastructure/rate-limiting/managing-limits/#rate-limits-in-applicationratelimiter
Rate limits being introduced
| Endpoint | Rate limit by | Rate limit key | Rate limit |
|---|---|---|---|
POST /jobs/request |
runner token | :runner_jobs_request_api |
2,000 reqs/runner/min |
PUT /jobs/:id |
job token | :runner_jobs_api |
200 reqs/job/min |
PATCH /jobs/:id/trace |
job token | :runner_jobs_api |
200 reqs/job/min |
POST /jobs/:id/artifacts/authorize |
job token | :runner_jobs_api |
200 reqs/job/min |
POST /jobs/:id/artifacts |
job token | :runner_jobs_api |
200 reqs/job/min |
GET /jobs/:id/artifacts |
job token | :runner_jobs_api |
200 reqs/job/min |
Screenshots or screen recordings
| Before | After |
|---|---|
|
|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Pedro Pombeiro - OOO from Oct 13-24