|
7 | 7 | corev1 "k8s.io/api/core/v1" |
8 | 8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
9 | 9 | "k8s.io/apimachinery/pkg/runtime" |
| 10 | + |
| 11 | + ratelimittypes "github.com/stacklok/toolhive/pkg/ratelimit/types" |
10 | 12 | ) |
11 | 13 |
|
12 | 14 | // Condition types for MCPServer |
@@ -373,7 +375,7 @@ type MCPServerSpec struct { |
373 | 375 | // RateLimiting defines rate limiting configuration for the MCP server. |
374 | 376 | // Requires Redis session storage to be configured for distributed rate limiting. |
375 | 377 | // +optional |
376 | | - RateLimiting *RateLimitConfig `json:"rateLimiting,omitempty"` |
| 378 | + RateLimiting *ratelimittypes.RateLimitConfig `json:"rateLimiting,omitempty"` |
377 | 379 | } |
378 | 380 |
|
379 | 381 | // ResourceOverrides defines overrides for annotations and labels on created resources |
@@ -525,69 +527,17 @@ type SessionStorageConfig struct { |
525 | 527 | } |
526 | 528 |
|
527 | 529 | // RateLimitConfig defines rate limiting configuration for an MCP server. |
528 | | -// At least one of shared, perUser, or tools must be configured. |
529 | | -// |
530 | | -// +kubebuilder:validation:XValidation:rule="has(self.shared) || has(self.perUser) || (has(self.tools) && size(self.tools) > 0)",message="at least one of shared, perUser, or tools must be configured" |
531 | | -// |
532 | | -//nolint:lll // kubebuilder marker exceeds line length |
533 | | -type RateLimitConfig struct { |
534 | | - // Shared is a token bucket shared across all users for the entire server. |
535 | | - // +optional |
536 | | - Shared *RateLimitBucket `json:"shared,omitempty" yaml:"shared,omitempty"` |
537 | | - |
538 | | - // PerUser is a token bucket applied independently to each authenticated user |
539 | | - // at the server level. Requires authentication to be enabled. |
540 | | - // Each unique userID creates Redis keys that expire after 2x refillPeriod. |
541 | | - // Memory formula: unique_users_per_TTL_window * (1 + num_tools_with_per_user_limits) keys. |
542 | | - // +optional |
543 | | - PerUser *RateLimitBucket `json:"perUser,omitempty" yaml:"perUser,omitempty"` |
544 | | - |
545 | | - // Tools defines per-tool rate limit overrides. |
546 | | - // Each entry applies additional rate limits to calls targeting a specific tool name. |
547 | | - // A request must pass both the server-level limit and the per-tool limit. |
548 | | - // +listType=map |
549 | | - // +listMapKey=name |
550 | | - // +optional |
551 | | - Tools []ToolRateLimitConfig `json:"tools,omitempty" yaml:"tools,omitempty"` |
552 | | -} |
| 530 | +// +gendoc |
| 531 | +type RateLimitConfig = ratelimittypes.RateLimitConfig |
553 | 532 |
|
554 | 533 | // RateLimitBucket defines a token bucket configuration with a maximum capacity |
555 | 534 | // and a refill period. Used by both shared and per-user rate limits. |
556 | | -type RateLimitBucket struct { |
557 | | - // MaxTokens is the maximum number of tokens (bucket capacity). |
558 | | - // This is also the burst size: the maximum number of requests that can be served |
559 | | - // instantaneously before the bucket is depleted. |
560 | | - // +kubebuilder:validation:Required |
561 | | - // +kubebuilder:validation:Minimum=1 |
562 | | - MaxTokens int32 `json:"maxTokens" yaml:"maxTokens"` |
563 | | - |
564 | | - // RefillPeriod is the duration to fully refill the bucket from zero to maxTokens. |
565 | | - // The effective refill rate is maxTokens / refillPeriod tokens per second. |
566 | | - // Format: Go duration string (e.g., "1m0s", "30s", "1h0m0s"). |
567 | | - // +kubebuilder:validation:Required |
568 | | - RefillPeriod metav1.Duration `json:"refillPeriod" yaml:"refillPeriod"` |
569 | | -} |
| 535 | +// +gendoc |
| 536 | +type RateLimitBucket = ratelimittypes.RateLimitBucket |
570 | 537 |
|
571 | 538 | // ToolRateLimitConfig defines rate limits for a specific tool. |
572 | | -// At least one of shared or perUser must be configured. |
573 | | -// |
574 | | -// +kubebuilder:validation:XValidation:rule="has(self.shared) || has(self.perUser)",message="at least one of shared or perUser must be configured" |
575 | | -// |
576 | | -//nolint:lll // kubebuilder marker exceeds line length |
577 | | -type ToolRateLimitConfig struct { |
578 | | - // Name is the MCP tool name this limit applies to. |
579 | | - // +kubebuilder:validation:Required |
580 | | - // +kubebuilder:validation:MinLength=1 |
581 | | - Name string `json:"name" yaml:"name"` |
582 | | - |
583 | | - // Shared token bucket for this specific tool. |
584 | | - // +optional |
585 | | - Shared *RateLimitBucket `json:"shared,omitempty" yaml:"shared,omitempty"` |
586 | | - |
587 | | - // PerUser token bucket configuration for this tool. |
588 | | - // +optional |
589 | | - PerUser *RateLimitBucket `json:"perUser,omitempty" yaml:"perUser,omitempty"` |
590 | | -} |
| 539 | +// +gendoc |
| 540 | +type ToolRateLimitConfig = ratelimittypes.ToolRateLimitConfig |
591 | 541 |
|
592 | 542 | // Permission profile types |
593 | 543 | const ( |
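Review bot: Admission-time validation of rate limits may be lost in the `@@ -525,69 +527,17 @@` hunk: the removed structs carried both `XValidation` rules, `Minimum=1` on `maxTokens` and `MinLength=1` on the tool name, while the aliases that replace them carry only `+gendoc`. Whether the generated CRD still enforces these depends on the same markers being present on the `ratelimittypes` definitions and on controller-gen resolving them through the alias, and neither is visible on this page. If they are dropped, an MCPServer with an empty `rateLimiting` block or `maxTokens: 0` would be admitted, leaving the limiter's runtime handling of that input as the only safeguard. Please confirm the regenerated CRD YAML is unchanged for `rateLimiting`, and record where the rules now live above each alias, e.g. `// Validation markers (XValidation, Minimum, MinLength) are declared on ratelimittypes.RateLimitConfig.` The `*ratelimittypes.RateLimitConfig` field in `MCPServerSpec` presumably also needs generated deepcopy methods in that package.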
|