fix(ratelimit): isolate rate limiters per ModelRoute

[nXtCyberNet]

/kind enhancement
/kind bug

What this PR does / Why we need it

Fixes a multi-tenant rate limit isolation issue where rate limiters were keyed only by model name. When multiple ModelRoutes referenced the same model, they could unintentionally share the same limiter state and Redis token bucket, causing one route's configuration to affect another.

Changes

• Scope rate limiters using namespace/routeName instead of modelName.
• Update router callbacks to use namespace-scoped limiter keys.
• Update limiter add, delete, and lookup paths to use the new key.
• Redis keys are now automatically isolated per ModelRoute.

Tests

Added unit and Redis-backed integration tests to verify:

• Independent limiter state per ModelRoute.
• Isolated Redis token buckets.
• No cross-route interference when consuming tokens.

Issue

Fixes #1043

User-Facing Changes

NONE

NONE

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yaozengzeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pkg/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Code Review

This pull request refactors the TokenRateLimiter to use a limiterKey (combining namespace and route) instead of a model name, allowing for better rate-limiting isolation. Unit tests have been updated, and a new isolation test has been added. The review feedback highlights two key issues: a potential nil pointer dereference panic in AddOrUpdateLimiter when the ratelimit configuration is nil, and a multi-tenancy limitation where a single shared Redis client is reused across different configurations, potentially ignoring unique Redis settings.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the rate limiter tests and internals to key limiters by a composite identifier (e.g., namespace/modelRouteName) to improve isolation between routes, and adds a Redis-backed isolation test to validate distinct global limiter keys.

Changes:

• Switched tests from a single model key to a composite limiterKey built from namespace + route name.
• Updated AddOrUpdateLimiter / DeleteLimiter internals to use the provided limiter key when creating/storing limiters.
• Added a global (Redis) isolation test to ensure different routes do not share the same Redis limiter key.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
pkg/kthena-router/filters/ratelimit/ratelimit_test.go	Refactors unit tests to use a composite limiter key and adds a helper to build it.
pkg/kthena-router/filters/ratelimit/ratelimit.go	Renames parameters and uses the composite limiter key for map entries and global limiter construction.
pkg/kthena-router/filters/ratelimit/global_test.go	Adds a Redis-backed isolation test verifying separate keys per route.

Comments suppressed due to low confidence (1)

pkg/kthena-router/filters/ratelimit/ratelimit.go:1

• The receiver API is now mixed between model (e.g., RecordOutputTokens(model string, ...)) and limiterKey (e.g., AddOrUpdateLimiter / DeleteLimiter). Since callers are now passing composite keys, rename the remaining model parameters in this type’s public methods to limiterKey for consistency and to reduce confusion about what the string represents.

/*

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[nXtCyberNet]

/retest

[volcano-sh-bot]

@nXtCyberNet: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[LiZhenCheng9527]

To be honest, I don’t really understand what ‘limiterKey’ refers to. Changing the name of this formal parameter isn’t a good idea.

[nXtCyberNet]

Hi @LiZhenCheng9527 ,
So currently the ratelimit was defined by only the model which cause there is no namespace level isolation that cause the follow ratelimit bug :

ModelRoute-1 (namespace-a, model: llama-70b, tokenLimit: 100 tokens/min) 
  → Redis key: "llama-70b"

ModelRoute-2 (namespace-b, model: llama-70b, tokenLimit: 50 tokens/min)
  → Redis key: "llama-70b"  ← SAME KEY ❌

Result: ModelRoute-2's update OVERWRITES ModelRoute-1's token bucket
        Both namespaces now share the SAME token bucket with 50 tokens/min
        namespace-a requests get rate-limited incorrectly ❌

Which is inconsistent and breaks ratelimit if multiple teams were using the same model with different configs ,

So after changing the model name key to limiterkey - namespace/routename , since the routename is crd , so it's itself a unique name , so this will also allow per route rate limit isolation too
Like this

ModelRoute-1 (namespace-a, model: llama-70b, tokenLimit: 100 tokens/min)
  → Redis key: "namespace-a/modelroute-1"
  → Independent token bucket with 100 tokens/min

ModelRoute-2 (namespace-b, model: llama-70b, tokenLimit: 50 tokens/min)
  → Redis key: "namespace-b/modelroute-2"
  → Independent token bucket with 50 tokens/min ✅

Result: Each ModelRoute has its own isolated token bucket
namespace-a can use 100 tokens/min, namespace-b uses 50 tokens/min

,

Also it act same even if multiple routes were created in a same namespace

And the limitkey is a code level refactoring so also there is no userside level change , WDYT?

[hzxuzhonghu]

This PR does not appear to actually fix #1043. The diff only renames the model parameter to limiterKey in ratelimit.go and updates tests; the real call sites in router.go are unchanged, so limiters are still keyed by model name at runtime.

Blocking issues in pkg/kthena-router/router/router.go (not in this diff):

• L112 AddOrUpdateLimiter(data.ModelName, ...) and L118 DeleteLimiter(data.ModelName) still register/delete by bare model name, so two ModelRoutes sharing a model still collide. These should use a namespace/routeName key derived from data.ModelRoute.
• L278 RateLimit(modelName, promptStr) enforces using the model name from the request body, and it runs (step 2) before route resolution via MatchModelServer (L352, step 3). At that point only the model name is available, so there is no unique route key to use. Since the bug is specifically about multiple routes mapping to one model, enforcement needs the route resolved first (or moved after matching).
• L814 and L1116 RecordOutputTokens(modelName, ...) keep output accounting shared across routes and must use the same key.

Until the router.go callbacks and request flow are updated, the isolation fix is not effective in production.

Positive: the ratelimit.go refactor threads the key consistently, and Redis key derivation already isolates correctly once a unique key is passed — the limiter layer is ready, the callers are not.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.

[nXtCyberNet]

Hi @hzxuzhonghu
So , when I was changing the resolution flow based on your comment , I come to a close end , where the ratelimiter requires the modelroute identity that I can get only after the matchmodelserver that was happening inside the doLoadbalance().

But this breaks the fairness scheduling - the rate limited request would be enqueued , prioritised , and scheduled before rejected , increase latency and queue ,
So I have a proposal for moving the matchmodelserver early instead of its in the doLoadbalance() , we can move it to the handlefunc

So the request will became like this -

1. Call matchmodelserver in starting and then cache the mached modelroute , modelservername , islors and any matching error in the gin context , so we can use it in the doLoadbalance, without calling matchmodelserver again that maybe cause drift in answer when called twice in same flow ,
2. If modelroute matches it check the ratelimit immediately if rate- limited return 429 as the normal workflow ,
   And for the case of httproute/inferencepool request , since they both didnot requires the ratelimiter , they can be skipped or allowed immediately as no config found for them ,

Also this will also allow us to add ratelimit in the inferencepool/httproute which is currently didnot exist , however I want to know why we didnot needed then here ,

Let me know what you think about this if the design make sense please review the pr , if not no issues I will just close the pr , thanks

[nXtCyberNet]

@hzxuzhonghu any updates?