Configure the controller manager rate limit

This pages describes how to configure the overall rate limit (token bucket rate limit) for the controller manager in Config Connector.

Configure the rate limit for namespaced controller manager

If Config Connector is configured to run in namespaced mode, you can use the NamespacedControllerReconciler custom resource to configure the rate limit of the cnrm-controller-manager controller's Kubernetes client in your designated namespace. You can configure rate limit for this controller in Config Connector version 1.119 and later.

1. Create a file named configure-rate-limit.yaml and copy the following YAML into it:

   apiVersion: customize.core.cnrm.cloud.google.com/v1alpha1
   kind: NamespacedControllerReconciler
   metadata:
     name: cnrm-controller-manager # name must not contain the namespace ID suffix
     namespace: NAMESPACE
   spec:
     rateLimit:
       qps: 80 # the default value is 20
       burst: 40 # the default value is 30
   

   Replace NAMESPACE with the name of your namespace.

2. Use kubectl apply to apply the rate limit configuration to your cluster:

   kubectl apply -f configure-rate-limit.yaml

3. Verify the configuration is successful by running the following command:

   kubectl get namespacedcontrollerreconciler cnrm-controller-manager -n NAMESPACE -o jsonpath='{.status.healthy}'

   The output should display status.healthy field set to true.

4. Verify that the --qps and --burst flags are added to the cnrm-controller-manager controller's manager container by running the following command:

   kubectl describe statefulsets cnrm-controller-manager -n cnrm-system

   The output should contain the following:

   Containers:
   manager:
     Image:      gcr.io/gke-release/cnrm/controller:fd4c42c
     Port:       23232/TCP
     Host Port:  0/TCP
     Command:
       /configconnector/manager
     Args:
       --qps=80
       --burst=40
       --scoped-namespace=config-control
       --prometheus-scrape-endpoint=:8888