Provide the ability to set alert throttling configuration per client

[DelusionalOptimist]

Feature Request

Short Description

As a user, I have multiple clients which consume KubeArmor alerts. Some of them can consume at a faster rate than others without getting overwhelmed. Thus, I'd like to continue receiving alert to those clients even when other clients are being throttled.

Describe the solution you'd like

Either/Both of

Per-client throttling in KubeArmor

Client sends it's alert throttling configuration as part of the RequestMessage while creating the gRPC stream. KubeArmor drops alerts according to this.

Per-client throttling in Relay

In most cases clients connect with relay and relay is the only client of KubeArmor. Thus, client level throttling needs to be handled at this level. This will also mean offloading the logic of dropping alerts from KubeArmor to relay.

Points to think upon

• Performance impact: Since alerts are dropped at the kernel level currently, if we do this, what would be the impact on performance of KubeArmor/Relay.

[abhashsolanki18]

hey @DelusionalOptimist here is the solution and considerations which i think would solve this issue.
Per-Client Throttling at the Relay Level
Modifications in Relay:
Track Client Throttling Configuration: During client connection setup, each client sends its desired throttling configuration to Relay.
Centralized Throttling Logic: Relay receives alerts from KubeArmor without any throttling, then distributes alerts to clients based on each client’s throttling rate. Alerts exceeding a client’s threshold are dropped at Relay.
Performance Impact: Although this approach adds processing in Relay, it avoids modifying KubeArmor’s core alert generation logic. Relay, as a central point, can be scaled independently if needed, reducing any performance bottleneck.
Scalability: Relay can handle more complex per-client configurations and perform logging/tracking of throttled alerts, giving administrators clear insights into each client’s throttling state.