Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of CE: Remove RequestLimiter config plumbing into release/1.18.x #28599

Merged
merged 1 commit into from
Oct 4, 2024
Merged

Backport of CE: Remove RequestLimiter config plumbing into release/1.18.x #28599

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions command/command_stubs_oss.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,7 @@ func entGetFIPSInfoKey() string {
return ""
}

func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string {
return ""
func entCheckRequestLimiter(_cmd *ServerCommand, _config *server.Config) {
}

func entExtendAddonHandlers(handlers *vaultHandlers) {}
8 changes: 2 additions & 6 deletions command/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -440,6 +440,8 @@ func (c *ServerCommand) parseConfig() (*server.Config, []configutil.ConfigError,
config.Entropy = nil
}

entCheckRequestLimiter(c, config)

return config, configErrors, nil
}

Expand Down Expand Up @@ -1423,12 +1425,6 @@ func (c *ServerCommand) Run(args []string) int {
info["HCP resource ID"] = config.HCPLinkConf.Resource.ID
}

requestLimiterStatus := entGetRequestLimiterStatus(coreConfig)
if requestLimiterStatus != "" {
infoKeys = append(infoKeys, "request limiter")
info["request limiter"] = requestLimiterStatus
}

infoKeys = append(infoKeys, "administrative namespace")
info["administrative namespace"] = config.AdministrativeNamespacePath

Expand Down
81 changes: 0 additions & 81 deletions website/content/docs/concepts/request-limiter/index.mdx
View file
Open in desktop

This file was deleted.

10 changes: 3 additions & 7 deletions website/content/docs/configuration/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,14 +224,14 @@ can have a negative effect on performance due to the tracking of each lock attem
This can also be specified via the `VAULT_LOG_LEVEL` environment variable.

<Note>

On SIGHUP (`sudo kill -s HUP` _pid of vault_), if a valid value is specified, Vault will update the existing log level,
overriding (even if specified) both the CLI flag and environment variable.

</Note>

<Note>

Not all parts of Vault's logging can have its log level be changed dynamically this way; in particular,
secrets/auth plugins are currently not updated dynamically.

Expand All @@ -257,9 +257,6 @@ can have a negative effect on performance due to the tracking of each lock attem
When `imprecise_lease_role_tracking` is set to true and a new role-based quota is enabled, subsequent lease counts start from 0.
`imprecise_lease_role_tracking` affects role-based lease count quotas, but reduces latencies when not using role based quotas.

- `request_limiter` `([Request Limiter][request-limiter]: <none>)` – Allows
operators to enable Vault's Request Limiter functionality.

### High availability parameters

The following parameters are used on backends that support [high availability][high-availability].
Expand Down Expand Up @@ -304,7 +301,7 @@ The following parameters are only used with Vault Enterprise
provided via the environment variable `VAULT_LICENSE_PATH`, or the license
itself can be provided in the environment variable `VAULT_LICENSE`.

- `administrative_namespace_path` `(string: "")` - Specifies the absolute path
- `administrative_namespace_path` `(string: "")` - Specifies the absolute path
to the Vault namespace to be used as an [Administrative namespace](/vault/docs/enterprise/namespaces/create-admin-namespace).

[storage-backend]: /vault/docs/configuration/storage
Expand All @@ -315,4 +312,3 @@ The following parameters are only used with Vault Enterprise
[sentinel]: /vault/docs/configuration/sentinel
[high-availability]: /vault/docs/concepts/ha
[plugins]: /vault/docs/plugins
[request-limiter]: /vault/docs/concepts/request-limiter
4 changes: 0 additions & 4 deletions website/content/docs/configuration/listener/tcp/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -296,10 +296,6 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
- `disable_replication_status_endpoints` `(bool: false)` - Disables replication
status endpoints for the configured listener when set to `true`.

- `disable_request_limiter` `(bool: false)` - Disables the request limiter for
this listener. The default configuration will honor the global
[configuration](/vault/docs/configuration/request-limiter).

### `telemetry` parameters

- `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows
Expand Down
33 changes: 0 additions & 33 deletions website/content/docs/configuration/request-limiter.mdx
View file
Open in desktop

This file was deleted.

32 changes: 32 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.18.x.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,35 @@ kubectl exec -ti <NAME> -- wget https://github.com/moparisthebest/static-curl/re
```

**NOTE:** When using this option you'll want to verify that the static binary comes from a trusted source.

### Request limiter configuration removal

Vault 1.16.0 included an experimental request limiter. The limiter was disabled
by default with an opt-in `request_limiter` configuration.

Further testing indicated that an alternative approach improves performance and
reduces risk for many workloads. Vault 1.17.0 included a new [adaptive overload
protection](/vault/docs/concepts/adaptive-overload-protection) feature that
prevents outages when Vault is overwhelmed by write requests.

Adaptive overload protection was a beta feature in 1.17.0.

As of Vault 1.18.0, the adaptive overload protection feature for writes is
now GA and enabled by default for the integrated storage backend.

The beta `request_limiter` configuration stanza is officially removed in Vault 1.18.0.

Vault will output two types of warnings if the `request_limiter` stanza is
detected in your Vault config.

1. A UI warning message printed to `stderr`:

```text
WARNING: Request Limiter configuration is no longer supported; overriding server configuration to disable
```

2. A log line with level `WARN`, appearing in Vault's logs:

```text
... [WARN] unknown or unsupported field request_limiter found in configuration at config.hcl:22:1
```
23 changes: 0 additions & 23 deletions website/data/docs-nav-data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,25 +321,6 @@
"color": "neutral"
}
},
{
"title": "Request Limiter",
"badge": {
"text": "ENTERPRISE | DEPRECATED",
"type": "outlined",
"color": "neutral"
},
"routes": [
{
"title": "Overview",
"path": "concepts/request-limiter",
"badge": {
"text": "BETA",
"type": "outlined",
"color": "highlight"
}
}
]
},
{
"title": "Adaptive overload protection",
"badge": {
Expand Down Expand Up @@ -595,10 +576,6 @@
"title": "<code>telemetry</code>",
"path": "configuration/telemetry"
},
{
"title": "<code>Request Limiter</code>",
"path": "configuration/request-limiter"
},
{
"title": "Adaptive overload protection",
"path": "configuration/adaptive-overload-protection"
Expand Down
Loading