Merge pull request kubernetes-sigs#2412 from afirth/2021-11-03-docs-f…

…or-aws-rate-limit [DOCS only] Expand the AWS tutorial with common args to mitigate rate limiting
stevehipwell · Nov 9, 2021 · 8c8880b · 8c8880b
2 parents c9e0c91 + 4588660
commit 8c8880b
Showing 1 changed file with 38 additions and 3 deletions.
diff --git a/docs/tutorials/aws.md b/docs/tutorials/aws.md
@@ -464,6 +464,41 @@ $ aws route53 delete-hosted-zone --id /hostedzone/ZEWFWZ4R16P7IB
 ## Throttling
 
 Route53 has a [5 API requests per second per account hard quota](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests-route-53).
-Running several fast polling ExternalDNS instances in a given account can easily hit that limit. Some ways to circumvent that issue includes:
-* Augment the synchronization interval (`--interval`), at the cost of slower changes propagation.
-* If the ExternalDNS managed zones list doesn't change frequently, set `--aws-zones-cache-duration` (zones list cache time-to-live) to a larger value. Note that zones list cache can be disabled with `--aws-zones-cache-duration=0s`.
+Running several fast polling ExternalDNS instances in a given account can easily hit that limit. Some ways to reduce the request rate include:
+* Reduce the polling loop's synchronization interval at the possible cost of slower change propagation (but see `--events` below to reduce the impact).
+  * `--interval=5m` (default `1m`)
+* Trigger the polling loop on changes to K8s objects, rather than only at `interval`, to have responsive updates with long poll intervals
+  * `--events`
+* Limit the [sources watched](https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L364) when the `--events` flag is specified to specific types, namespaces, labels, or annotations
+  * `--source=ingress --source=service` - specify multiple times for multiple sources
+  * `--namespace=my-app`
+  * `--label-filter=app in (my-app)`
+  * `--annotation-filter=kubernetes.io/ingress.class in (nginx-external)` - note that this filter would apply to services too..
+* Limit services watched by type (not applicable to ingress or other types)
+  * `--service-type-filter=LoadBalancer` default `all`
+* Limit the hosted zones considered
+  * `--zone-id-filter=ABCDEF12345678` - specify multiple times if needed
+  * `--domain-filter=example.com` by domain suffix - specify multiple times if needed
+  * `--regex-domain-filter=example*` by domain suffix but as a regex - overrides domain-filter
+  * `--exclude-domains=ignore.this.example.com` to exclude a domain or subdomain
+  * `--regex-domain-exclusion=ignore*` subtracts it's matches from `regex-domain-filter`'s matches
+  * `--aws-zone-type=public` only sync zones of this type `[public|private]`
+  * `--aws-zone-tags=owner=k8s` only sync zones with this tag
+* If the list of zones managed by ExternalDNS doesn't change frequently, cache it by setting a TTL.
+  * `--aws-zones-cache-duration=3h` (default `0` - disabled)
+* Increase the number of changes applied to Route53 in each batch
+  * `--aws-batch-change-size=4000` (default `1000`)
+* Increase the interval between changes
+  * `--aws-batch-change-interval=10s` (default `1s`)
+
+### EKS
+
+An effective starting point for EKS with an ingress controller might look like:
+
+```bash
+--interval=5m
+--events
+--source=ingress
+--domain-filter=example.com
+--aws-zones-cache-duration=1h
+```