From 507e3a11a18f9e820fcd0b1ac05038d379bf74c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Murat=20=C3=96ZDEM=C4=B0R?= <muratozdemir@tarla.io>
Date: Mon, 18 May 2026 10:22:14 +0300
Subject: [PATCH] docs(roadmap): add rabbitmq network aliases for consistent
 hashing

- Configured 'iklimco-net' aliases for RabbitMQ nodes in prod overlay documentation.
- Updated Step 6 and Step 8 stack snippets to include network aliases and definitions.
- Added a technical note to Step 7 explaining DNS requirements for sticky sessions.
---
 roadmap/prod-env/03-infra-stack-changes.md | 28 +++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/roadmap/prod-env/03-infra-stack-changes.md b/roadmap/prod-env/03-infra-stack-changes.md
index 0a4ad2b..d288ee2 100644
--- a/roadmap/prod-env/03-infra-stack-changes.md
+++ b/roadmap/prod-env/03-infra-stack-changes.md
@@ -103,6 +103,14 @@ Swarm distributes SWAG requests to APISIX replicas via VIP (IPVS round-robin).
 With `policy:local`, each APISIX instance counts independently → the global limit effectively becomes 3× with 3 replicas.
 Switch to `policy:redis` for `PROFILE=prod`.
 
+Keep the following APISIX plugin limits in `init/apisix-core/init.sh` for `test/prod` unless stated otherwise:
+
+| Scope | Plugin | Target limit |
+|-------|--------|--------------|
+| WebSocket `/ws` | `limit-conn` | `conn: 5` per `remote_addr` |
+| Auth routes `/v1/auth/*`, `/v1/users/*` | `limit-count` | `count: 12`, `time_window: 60` per `remote_addr` |
+| Global rule | `limit-count` | `count: 60`, `time_window: 60` per `remote_addr` |
+
 Update the global rate limit block in `init/apisix-core/init.sh`:
 
 ```bash
@@ -117,7 +125,7 @@ if [[ "$PROFILE" != "dev" ]]; then
 
   call_api "global rate limit" -X PUT "$APISIX_ADMIN_URL/global_rules/1" \
     -H "X-API-KEY: $API_KEY" -H "Content-Type: application/json" \
-    -d '{"plugins":{"limit-count":{"count":300,"time_window":60,"key_type":"var","key":"remote_addr","rejected_code":429,"policy":"'"$RATE_POLICY"'","allow_degradation":true'"$RATE_REDIS"'}}}'
+    -d '{"plugins":{"limit-count":{"count":60,"time_window":60,"key_type":"var","key":"remote_addr","rejected_code":429,"policy":"'"$RATE_POLICY"'","allow_degradation":true'"$RATE_REDIS"'}}}'
 fi
 ```
 
@@ -326,6 +334,10 @@ services:
       RABBITMQ_NODENAME: "rabbit@rabbitmq-{{.Node.Hostname}}"
     secrets:
       - rabbitmq_erlang_cookie
+    networks:
+      iklimco-net:
+        aliases:
+          - "rabbitmq-{{.Node.Hostname}}"
     deploy:
       mode: replicated
       replicas: 3
@@ -342,6 +354,10 @@ services:
 secrets:
   rabbitmq_erlang_cookie:
     external: true
+
+networks:
+  iklimco-net:
+    external: true
 ```
 
 ### Cluster join procedure (first setup)
@@ -411,6 +427,8 @@ call_api "upstream rabbitmq" -X PUT "$APISIX_ADMIN_URL/upstreams/rabbitmq-upstre
 
 Consistent hashing by `remote_addr` requires APISIX to see the actual client IP, not the internal IP of the SWAG (Nginx) proxy.
 
+> **DNS Note:** For `chash` to work with node-specific names, the RabbitMQ service must have network aliases configured for each node (e.g., `rabbitmq-{{.Node.Hostname}}`) as shown in Step 6.
+
 Update `template/apisix-core/config.yaml.template`:
 
 ```yaml
@@ -549,6 +567,10 @@ services:
       RABBITMQ_NODENAME: "rabbit@rabbitmq-{{.Node.Hostname}}"
     secrets:
       - rabbitmq_erlang_cookie
+    networks:
+      iklimco-net:
+        aliases:
+          - "rabbitmq-{{.Node.Hostname}}"
     deploy:
       mode: replicated
       replicas: 3
@@ -565,6 +587,10 @@ services:
 secrets:
   rabbitmq_erlang_cookie:
     external: true
+
+networks:
+  iklimco-net:
+    external: true
 ```
 
 ## Step 8 — Monitoring Data Persistence (StorageBox)