feat(ai-rate-limiting): support redis policy for shared counters#13670
feat(ai-rate-limiting): support redis policy for shared counters#13670shreemaan-abhishek wants to merge 2 commits into
Conversation
…licy By default the plugin keeps token counters in per-worker shared memory, so in a multi-node deployment counters are not shared and the effective quota scales with the node count. Add a redis-based policy path (reusing limit-count's redis backends) to centralize counters across nodes. - export policy_to_additional_properties from limit-count/init.lua - add policy + allow_degradation schema fields and redis attr wiring - document the new attributes and a redis example - add schema and redis rate-limiting tests
There was a problem hiding this comment.
Pull request overview
This PR extends the ai-rate-limiting plugin to support Redis-backed counter policies (reusing limit-count’s Redis backends) so token quotas can be enforced consistently across multiple APISIX nodes instead of per-worker local memory.
Changes:
- Reuses
limit-countRedis schema branches by exportingpolicy_to_additional_properties. - Adds
policy/allow_degradationand Redis config wiring toai-rate-limiting(plus schema validation). - Updates plugin documentation and adds Redis-focused test coverage.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| t/plugin/ai-rate-limiting.t | Adds schema validation and Redis policy integration tests for shared counters. |
| docs/en/latest/plugins/ai-rate-limiting.md | Documents new policy/Redis configuration options and provides a Redis example. |
| apisix/plugins/limit-count/init.lua | Exposes Redis policy schema branches for reuse by other plugins. |
| apisix/plugins/ai-rate-limiting.lua | Adds policy fields + conditional Redis schema and transforms config to use Redis backends. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ["else"] = { | ||
| ["if"] = { | ||
| properties = { policy = { enum = { "redis-sentinel" } } }, | ||
| }, | ||
| ["then"] = policy_to_additional_properties["redis-sentinel"], | ||
| }, | ||
| }, | ||
| } |
| elseif plugin_conf.policy == "redis-sentinel" then | ||
| limit_conf.redis_sentinels = plugin_conf.redis_sentinels | ||
| limit_conf.redis_master_name = plugin_conf.redis_master_name | ||
| limit_conf.sentinel_username = plugin_conf.sentinel_username | ||
| limit_conf.sentinel_password = plugin_conf.sentinel_password | ||
| limit_conf.redis_role = plugin_conf.redis_role | ||
| limit_conf.redis_connect_timeout = plugin_conf.redis_connect_timeout | ||
| limit_conf.redis_read_timeout = plugin_conf.redis_read_timeout | ||
| limit_conf.redis_keepalive_timeout = plugin_conf.redis_keepalive_timeout | ||
| limit_conf.redis_database = plugin_conf.redis_database | ||
| end |
|
I think this should be fixed before merge.
There is also a sentinel wiring gap: the schema accepts Redis master credentials for Suggested fix: add |
… master auth - declare encrypt_fields for redis_password / sentinel_password so the credentials are encrypted at rest, matching limit-count / limit-req - forward redis_username / redis_password in the redis-sentinel branch so a Redis master with ACL/requirepass can be authenticated - add sentinel master-auth schema coverage and a redis_password encryption test
|
Thanks @membphis, good catches. Fixed in the latest commit:
|
Description
The
ai-rate-limitingPlugin currently keeps token counters only in per-worker shared memory (policy = "local"). In a multi-node deployment the counters are not shared across nodes, so the effective quota scales with the number of gateway nodes and over-allows.This PR adds a Redis-based counter policy to the Plugin, reusing the existing
limit-countRedis backends, so counters can be centralized and a single quota is enforced across all nodes.Changes:
policy_to_additional_propertiesfromapisix/plugins/limit-count/init.luaso the Plugin can reuse the shared Redis schema branches.policy(local/redis/redis-cluster/redis-sentinel) andallow_degradationschema fields, plus the Redis attribute wiring intransform_limit_conf.docs/en/latest/plugins/ai-rate-limiting.md.The default remains
local, so existing configurations are unaffected.Which issue(s) this PR fixes:
Fixes #
Checklist