Testing configurations for DDOS protection
Proposers
- David Araújo (Instituto de Telecomunicações) ...
Description
Exploring which configurations can be improved to preserve availability during possible DDOS attacks. This may include NGINX rate limiting, IP blacklisting, pod replication, among others.
Demo or definition of done
- NGINX ingress configurations were added to limit the frequency of requests to the WebUI.
- CockroachDB cluster deployment manifest configured to evenly spread the pods across all nodes in the microk8s cluster.
- NATS cluster mode developed and implemented. NATS is now capable of deploying multiple pods and evenly spreading them across the nodes.
During development, some ease-of-use functionalities were also added:
- The variable
REDEPLOYALL
was added to the deploy scripts. This variable overrides the redeploy variables for CockroachDB, NATS and QUESTDB.