Add a retroactive one-pager for rate limiting

[negz]

Description of your changes

I spent a bunch of time these evening trying to remember how Crossplane's rate limiting works, and why it works that way. I figured I'd write it all down for next time.

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.
• Added or updated unit tests.
• Added or updated e2e tests.
• Linked a PR or a docs tracking issue to document this change.
• Added backport release-x.y labels to auto-backport this PR.

Need help with this checklist? See the cheat sheet.

[negz]

@turkenh two thoughts come to mind after writing this up.

First, there's not really a need for --max-reconcile-rate in core Crossplane. In theory I like the simplicity of the --max-reconcile-rate flag and the symmetry with providers, but unlike a provider there's no reason to globally limit all Crossplane controllers (e.g. all claims, XRs, packages, etc etc) to achieve a maximum reconcile rate across all of Crossplane, given it's only talking to the API server. At a minimum, we can probably make Crossplane's default --max-reconcile-rate a lot higher (e.g. 100).

Second, I'm not sure why the global rate limiter would affect the workqueue_depth metric as you saw in crossplane-contrib/provider-kubernetes#203. It should be re-adding anything that's rate limited back to the same work queue and thus maintaining the same depth. I would expect to to affect workqueue_duration.

[turkenh]

Wouldn't it be more fair if we put it back to the head of the queue? Why do we change the ordering in the queue?
Maybe I misunderstood something but, as an analogy, I am waiting in a bank queue and when it is my turn I am told by the officer to go to the tail of the queue because he processed enough for that given hour 😅

[negz]

Wouldn't it be more fair if we put it back to the head of the queue?

It would.

Why do we change the ordering in the queue?

No reason, really. 🙂 It just seems to be how all the Kubernetes work queue rate limiting works, and the topic didn't come up until now.

The queueing is all using https://pkg.go.dev/k8s.io/client-go/util/workqueue. When we return RequeueAfter I
believe that translates to an AddAfter, i.e. "add back to the end of the queue after duration D":

https://github.com/crossplane/crossplane-runtime/blob/v1.15.1/pkg/ratelimiter/reconciler.go#L51

We could potentially improve on this by using a RateLimitingQueue inside our ratelimiter.Reconciler. This way there would be two levels of workqueue:

• Outer queue handles per-object exponential backoff. Requests sent to back of outer queue.
• Inner queue handles global max-reconcile-rate. Requests sent to back of inner queue.

I think if we wanted to support requests being sent to the front of the queue after a certain duration we'd need to implement our own work queue.

There's talk of allowing users to supply their own work queue (not only their own rate limiter) in controller-runtime in kubernetes-sigs/controller-runtime#857. If we want to optimize as best as possible, it might be worth pursuing that upstream.

[negz]

@turkenh Given that this is just documenting how things work today, WDYT about approving so I can merge? We can then discuss how it could be better.

[turkenh]

Thanks for taking time for writing this down 🙌