rate-limit

RateLimit CRD, GVK: net.demo.orkestra.io/v1alpha1, Kind=RateLimit

healthy network-suite 0.1.0 uptime 52h55m53s

Overview

rate-limit is a custom resource managed by the network-suite operator running on Orkestra. Resources of this type are namespace-scoped.

Field	Value
API Version	`net.demo.orkestra.io/v1alpha1`
Kind	`RateLimit`
GVR (plural)	`net.demo.orkestra.io/v1alpha1, Resource=ratelimits`
Scope	Namespaced

Reconcile Mode

This CRD runs in dynamic mode. Orkestra works directly with the raw unstructured Kubernetes object — no Go code is required. Reconcile logic is expressed declaratively in the Katalog YAML using template expressions like {{ .spec.field }}.

The Generic Reconciler manages the full CR lifecycle: it ensures managed labels are set on every reconcile, adds and removes finalizers, runs onCreate and onReconcile template blocks, emits events, increments metrics, and reports health status.

Configuration

The operator maintains 3 worker goroutines to process reconcile events concurrently. Each worker dequeues one CR key at a time, reconciles it, and returns. The queue has a maximum depth of 100 events.

Orkestra resyncs all managed resources every 15s by re-enqueueing every CR key. This ensures drift caused by external changes is corrected even without a Kubernetes watch event.

Child Resources

When the operator reconciles a rate-limit instance it creates and manages the following Kubernetes resources on its behalf. These are owned by the CR via owner references and are deleted automatically when the CR is deleted (unless deletion protection is active).

Resources listed under onCreate are created on the first reconcile. Resources listed under onReconcile are re-applied on every reconcile cycle. A resource appearing in both phases is created once and kept in sync thereafter.

Kind	Count	Lifecycle phases
`ConfigMap`	1	onCreate
`Secret`	1	onCreate

To see the actual child resources created for a running instance, navigate to the instance's detail page from the network-suite control panel.

kubectl Reference

Use the commands below to interact with rate-limit resources from the command line.

List resources

kubectl get ratelimit -n <namespace>

Describe a resource

kubectl describe ratelimit <name> -n <namespace>

Get YAML

kubectl get ratelimit <name> -n <namespace> -o yaml

Watch for changes

kubectl get ratelimit -n <namespace> -w

Delete a resource

kubectl delete ratelimit <name> -n <namespace>

Filter by Orkestra managed label

kubectl get ratelimit -l orkestra.orkspace.io/managed=true -n <namespace>

Access Control

The operator holds the following RBAC permissions to manage rate-limit resources. 1 configmaps, 1 ratelimits, 1 ratelimits/status, 1 secrets

API Groups	Resources	Verbs
`net.demo.orkestra.io`	`ratelimits`	`get` `list` `watch` `create` `update` `patch` `delete`
`net.demo.orkestra.io`	`ratelimits/status`	`get` `update` `patch`
`core`	`configmaps`	`get` `list` `watch` `create` `update` `patch` `delete`
`core`	`secrets`	`get` `list` `watch` `create` `update` `patch` `delete`