feat(options): adding a rate limited kube client to the web options (#112)

Jacobbrewer1 · Copilot · web-flow · commit 51c17dfd0aed · 2025-10-25T08:02:04.000Z
* adding a rate limited kube client to the web options

* more descriptive errs

* linter update

* imports

* updating linter cfg

* Apply suggestion from @Copilot

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;

* gci fmt

---------

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -22,6 +22,8 @@ linters:
       ignore-calls: true
     gocritic:
       enable-all: true
+      disabled-checks:
+        - unnamedResult
     iface:
       enable:
         - identical
@@ -81,8 +83,9 @@ linters:
           exclude:
             - ""
     sloglint:
-#      attr-only: true
+      attr-only: false
       static-msg: true
+      no-raw-keys: false
       key-naming-case: snake
       forbidden-keys:
         - time
@@ -136,16 +139,28 @@ linters:
       - linters:
           - goconst
         path: (.+)_test\.go
+      - linters:
+          - unused
+        path: magefiles/* # Exclude magefiles from unused checks as build targets are not imported
     paths:
       - third_party$
       - builtin$
       - examples$
 formatters:
   enable:
     - gofmt
+    - gci
   settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - blank
+        - dot
+        - prefix(github.com/jacobbrewer1)
+      custom-order: true
     gofmt:
-      simplify: true
+      simplify: false
       rewrite-rules:
         - pattern: interface{}
           replacement: any
diff --git a/app.go b/app.go
@@ -521,7 +521,9 @@ func (a *App) RedisPool() goredis.Pool {
 func (a *App) WorkerPool(name string) pkgsync.WorkerPool {
 	v, ok := a.workerPools.Load(name)
 	if !ok {
-		a.l.Error("worker pool has not been registered", "name", name)
+		a.l.Error("worker pool has not been registered",
+			"name", name,
+		)
 		panic(fmt.Sprintf("worker pool '%s' has not been registered", name))
 	}
 
diff --git a/database/connection.go b/database/connection.go
@@ -7,8 +7,9 @@ import (
 	"strconv"
 	"time"
 
-	_ "github.com/go-sql-driver/mysql"
 	"github.com/jmoiron/sqlx"
+
+	_ "github.com/go-sql-driver/mysql"
 )
 
 const (
diff --git a/options.go b/options.go
@@ -193,18 +193,38 @@ func WithDatabaseFromVault() StartOption {
 
 // WithInClusterKubeClient is a StartOption that sets up the in-cluster Kubernetes client.
 func WithInClusterKubeClient() StartOption {
+	// Default QPS and Burst values are set to 5 and 10 respectively. This should prevent the client from being rate
+	// limited by the Kubernetes API server under normal operation. These values can be adjusted based on the
+	// application's requirements and the cluster's capacity.
+	return WithRateLimitedInClusterKubernetesClient(5, 10)
+}
+
+// WithRateLimitedInClusterKubernetesClient configures the app to set up an in-cluster Kubernetes client with rate limiting.
+//
+// Parameters:
+//
+//	qps   - The maximum number of queries per second (QPS) allowed for the Kubernetes client.
+//	        This controls the rate at which requests are sent to the Kubernetes API server.
+//	        Typical values range from 1 to 100, depending on the application's needs and the cluster's capacity.
+//	burst - The maximum burst of requests allowed. This is the maximum number of requests that can be sent in a short period.
+//	        Burst should generally be set higher than QPS to allow for short spikes in request rate.
+//	        Typical values are 2x to 5x the QPS value.
+//
+// Choose values appropriate for your application's expected load and the API server's limits to avoid rate limiting.
+func WithRateLimitedInClusterKubernetesClient(qps float32, burst int) StartOption {
 	return func(a *App) error {
 		cfg, err := rest.InClusterConfig()
 		if err != nil {
-			return fmt.Errorf("failed to get in-cluster config: %w", err)
+			return fmt.Errorf("error getting in-cluster config: %w", err)
 		}
 
-		kubeClient, err := kubernetes.NewForConfig(cfg)
+		cfg.QPS = qps
+		cfg.Burst = burst
+
+		a.kubeClient, err = kubernetes.NewForConfig(cfg)
 		if err != nil {
-			return fmt.Errorf("failed to create kube client: %w", err)
+			return fmt.Errorf("error creating in-cluster kube client: %w", err)
 		}
-
-		a.kubeClient = kubeClient
 		return nil
 	}
 }
diff --git a/vault/auth.go b/vault/auth.go
@@ -8,6 +8,8 @@ import (
 
 	hashivault "github.com/hashicorp/vault/api"
 	kubeauth "github.com/hashicorp/vault/api/auth/kubernetes"
+
+	"github.com/jacobbrewer1/web/logging"
 )
 
 // kubernetesLogin authenticates with Vault using the Kubernetes auth method.
@@ -47,6 +49,8 @@ func (c *client) renewAuthInfo() {
 		return authInfo, nil
 	})
 	if err != nil {
-		c.l.Error("unable to renew auth info", "error", err)
+		c.l.Error("unable to renew auth info",
+			logging.KeyError, err,
+		)
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,9 @@ import (`
`7`	`7`	`"strconv"`
`8`	`8`	`"time"`
`9`	`9`
`10`		`- _ "github.com/go-sql-driver/mysql"`
`11`	`10`	`"github.com/jmoiron/sqlx"`
	`11`	`+`
	`12`	`+ _ "github.com/go-sql-driver/mysql"`
`12`	`13`	`)`
`13`	`14`
`14`	`15`	`const (`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,8 @@ import (`
`8`	`8`
`9`	`9`	`hashivault "github.com/hashicorp/vault/api"`
`10`	`10`	`kubeauth "github.com/hashicorp/vault/api/auth/kubernetes"`
	`11`	`+`
	`12`	`+ "github.com/jacobbrewer1/web/logging"`
`11`	`13`	`)`
`12`	`14`
`13`	`15`	`// kubernetesLogin authenticates with Vault using the Kubernetes auth method.`
`@@ -47,6 +49,8 @@ func (c *client) renewAuthInfo() {`
`47`	`49`	`return authInfo, nil`
`48`	`50`	`})`
`49`	`51`	`if err != nil {`
`50`		`- c.l.Error("unable to renew auth info", "error", err)`
	`52`	`+ c.l.Error("unable to renew auth info",`
	`53`	`+ logging.KeyError, err,`
	`54`	`+ )`
`51`	`55`	`}`
`52`	`56`	`}`