What would you like to be added? / User Story:

The EventRateLimit admission plugin supports 4 limit types, but the dashboard currently only supports theNamespace type. The kubermatic backend already supports all 4 types.

xref: kubermatic/kubermatic#15091

Background

The Kubernetes EventRateLimit admission plugin supports these limit types:

• Server: One bucket shared by all events (global limit)
• Namespace: One bucket per namespace
• User: One bucket per user
• SourceAndObject: One bucket per source+object combination

The backend already supports all four types, we need to make sure these are exposed by the dashboard too.

Solution details

• Update EventRateLimitConfig type to include all 4 limit types (server, namespace, user, sourceAndObject)
• Update Event Rate Limit component to allow enabling/configuring multiple limit types with expansion panels (or something similar decided by the UI team)
• Add validation: QPS >= 1, Burst >= 1, CacheSize >= 0 and also at least one EventRateLimit plugin should be enabled
• Update cluster detail page to display all configured limit types

Use cases

• Global rate limiting: Use Server type to set a global limit across all events
• Namespace isolation: Use Namespace type to prevent one namespace from exhausting event capacity
• User limits: Use User type to limit events per user
• Fine grained control: Use SourceAndObject type for the most granular rate limiting

Different limits can also be combined for layered protection.

Note: In the near future we plan to add global enforcement and defaulting for these limit types in KKP. The implementation in the frontend should keep this in mind when designing and implementing this feature.