android-emulator: dedicated rate-limit — noVNC's module storm tripped the shared 10/50 limiter
Viktor's 'VNC stuck loading forever' (remote network): noVNC 1.3 is unbundled and fetches ~60 ES modules in parallel on page open; the shared Traefik rate-limit (average 10, burst 50) 429s the tail and noVNC's loader waits on the missing modules indefinitely (reproduced: 38x429 in a 90-request burst through the ingress). Adds a dedicated 50/300 android-emulator-rate-limit middleware (actualbudget/immich pattern) and opts both emulator ingresses out of the shared limiter.
parent
d818f7ed3b
commit
152dad0a40
2 changed files with 34 additions and 0 deletions
|
|
@ -231,6 +231,11 @@ module "ingress-internal" {
|
||||||
extra_annotations = {
|
extra_annotations = {
|
||||||
"gethomepage.dev/enabled" = "false"
|
"gethomepage.dev/enabled" = "false"
|
||||||
}
|
}
|
||||||
|
# noVNC loads ~60 unbundled ES modules in parallel; the default 10/50
|
||||||
|
# limiter 429s the tail and the loader hangs forever. Dedicated limiter,
|
||||||
|
# same pattern as actualbudget/immich.
|
||||||
|
skip_default_rate_limit = true
|
||||||
|
extra_middlewares = ["traefik-android-emulator-rate-limit@kubernetescrd"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Remote (off-LAN) screen access — Authentik-gated at the edge; WebSockets
|
# Remote (off-LAN) screen access — Authentik-gated at the edge; WebSockets
|
||||||
|
|
@ -246,4 +251,9 @@ module "ingress-public" {
|
||||||
host = "android-emulator"
|
host = "android-emulator"
|
||||||
service_name = kubernetes_service.novnc.metadata[0].name
|
service_name = kubernetes_service.novnc.metadata[0].name
|
||||||
tls_secret_name = var.tls_secret_name
|
tls_secret_name = var.tls_secret_name
|
||||||
|
# noVNC loads ~60 unbundled ES modules in parallel; the default 10/50
|
||||||
|
# limiter 429s the tail and the loader hangs forever. Dedicated limiter,
|
||||||
|
# same pattern as actualbudget/immich.
|
||||||
|
skip_default_rate_limit = true
|
||||||
|
extra_middlewares = ["traefik-android-emulator-rate-limit@kubernetescrd"]
|
||||||
}
|
}
|
||||||
|
|
|
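Review bot: In the `ingress-public` block, `skip_default_rate_limit = true` removes the shared limiter from the off-LAN, Authentik-gated host, so the 50/300 middleware becomes the only throttle there. The added comment explains the noVNC module storm but not where this limiter sits relative to the Authentik check. The ingress module's middleware ordering is not visible in these hunks; if extra middlewares are attached after forward-auth, requests that fail authentication may no longer be rate limited on this host, which is worth confirming before relying on it. I would add one line to the comment, such as `# Replaces the shared limiter for the whole host (static modules and the WebSocket upgrade); ordered <before|after> Authentik forward-auth.` The same three-line comment is repeated verbatim in `ingress-internal`, and both module blocks start outside the hunks.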
||||||
|
|
@ -453,3 +453,27 @@ resource "kubernetes_manifest" "middleware_retry" {
|
||||||
|
|
||||||
depends_on = [helm_release.traefik]
|
depends_on = [helm_release.traefik]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# android-emulator noVNC rate limit. noVNC 1.3 ships unbundled: vnc.html
|
||||||
|
# pulls ~60 ES modules in parallel on every page open, and the default
|
||||||
|
# 10/50 limiter 429s the tail — the loader then waits forever on the
|
||||||
|
# missing modules ("stuck on loading", verified 38x429 at a 90-request
|
||||||
|
# burst on 2026-06-12). Same remedy as actualbudget/immich.
|
||||||
|
resource "kubernetes_manifest" "middleware_android_emulator_rate_limit" {
|
||||||
|
manifest = {
|
||||||
|
apiVersion = "traefik.io/v1alpha1"
|
||||||
|
kind = "Middleware"
|
||||||
|
metadata = {
|
||||||
|
name = "android-emulator-rate-limit"
|
||||||
|
namespace = kubernetes_namespace.traefik.metadata[0].name
|
||||||
|
}
|
||||||
|
spec = {
|
||||||
|
rateLimit = {
|
||||||
|
average = 50
|
||||||
|
burst = 300
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
depends_on = [helm_release.traefik]
|
||||||
|
}
|
||||||
|
|
|
||||||
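Review bot: The `rateLimit` spec in `middleware_android_emulator_rate_limit` sets only `average` and `burst`, so the bucket key is left to Traefik's default source criterion, the request's remote address. If the public path reaches Traefik through a proxy or tunnel (not visible on this page), all remote users may land in one shared bucket, and one client's page loads could then 429 another's. Switching to a forwarded-header strategy without a trusted depth would instead let a client choose its own bucket. I would make the choice explicit with `sourceCriterion = { ipStrategy = { depth = <trusted proxy hops> } }`, or note in the comment that the remote address is the real client IP. The comment would also benefit from saying why 50/300 was picked, since 300 is roughly five page opens at ~60 modules each.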