-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate limiting #250
Comments
Looks like GCP has what we want out of the box. I think throttling based on ip/domain is what we need. Each partner should have their own domain since it's a separate Firebase app. We can add protection from individual users too. cc @itegulov do you think it's the best way to do it? |
My current plan is to set up the load balancer using Terraform and Google Armor. |
Details for ratelimiting are here: #289 (comment) |
Hey guys, I've got some URLs for you to use that put MPC behind Kong for rate limiting policies to take effect: Mainnet/Prod: https://near-mpc-recovery-mainnet.api.pagoda.co Testnet/Dev: https://mpc-recovery-leader-testnet.dev.api.pagoda.co Nothing special required to use these URLs, but I think once we fully transition to use these, we should switch the default CloudRun URLs to internal only so we don't circumvent the Kong rate limit/loadbalancer. |
@kmaus-near seems like you are the best person to make this change. Can you help us with that? Let's finish with it for 100%. |
@kmaus-near You will probably need to sync with @esaminu |
Update from my side of this, in order to make those cloudrun auto generated URLs private, I'll be using an internal loadbalancer so the Kong proxy can still reach the services. Once I finish that LB and test I'll reach out to @esaminu and make sure things are good. |
We'll have to somewhat work together on this, I created a branch @ https://github.com/near/mpc-recovery/tree/kmaus-near/add-internal-lb/infra Take a look at this and lmk if something like this would work for your env. If not we might want to put prod and dev TF code into their own directories so we can have a bit of separation going on as long as it doesn't break any of your workflows. |
@kmaus-near yeah I think this is reasonable. We can create some testnet/mainnet separation if necessary. Shouldn't be too big of a deal. |
Added on a load balancer level. |
Create simple configurable limits on the number of requests that a given SDK user can make.
Aim of the game is to stop them bringing down the MPC recovery service, not that we accurately bill them.
Tasks
The text was updated successfully, but these errors were encountered: