...
Current state: [One of "Under Discussion", "Accepted", "Rejected"]
Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]
JIRA: KAFKA-3492
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
Quota configuration and metrics currently use client-id as the unique key, enforcing one quota for all clients with the same client-id. This will be replaced with a new quota-id. Each quota-id is associated with a pair of producer and consumer rate limits which may be config overrides or the default quota.
quota.secure=false
- Client-id is used as quota-id (Current implementation)
- Each client–id with a quota override uses the overridden limits
- Each client-id without an override gets the default limits
(defaultP, defaultC)
quota.secure=true
- Authenticated principal is used as quota-id if a sub-quota is not specified for the client-id. Otherwise quota-id is the concatenation of principal and client-id. Note that user principals will be base64 encoded hex in the actual implementation, but are shown here as names for readability.
Example:
{user1 : { total: (p1,c1) }, user2 : { total : (p2, c2), clientA : (p2A, c2A), clientB : (p2B, c2B) }}
- All clients of
user1
use the quota-iduser1
. This shares(p1, c1)
amongst the clients of user1 with no individual limits for client-ids. clientA
ofuser2
uses the quota-iduser2clientA
. This gives clients ofuser2
with client-idclientA
a quota of(p2A, c2A).
Similarly for clients with client-idclientB
.clientX
ofuser2
uses the quota-iduser2
.clientY
ofuser2
also uses the same quota-iduser2
. HenceclientX
andclientY
share(p2-p2A-p2B, c2-c2A-c2B)
- All clients of a different
user10
use the quota-iduser10
. This shares(defaultP, defaultC)
amongst the clients ofuser10
.
- All clients of
...