Tekton · Rate Limits

Tekton Rate Limits

Tekton itself does not enforce HTTP rate limits — its primary API is the Kubernetes API server, which applies its own request-rate limits (max-requests-inflight, max-mutating-requests-inflight, APF — API Priority and Fairness). Tekton controllers expose tunable knobs for concurrent reconciles, throttling outbound calls to the Kubernetes API, and the EventListener Sink. Tekton Triggers EventListeners are protected only by their own ingress / reverse-proxy configuration. Operators are responsible for placing rate limits at the cluster ingress, the EventListener service, and the Tekton Hub front-end if exposed publicly.

Tekton Rate Limits is the machine-readable rate-limit profile for Tekton on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 5 rate-limit definitions, measuring kube-api-requests-per-second, kube-api-burst, pipelineruns, webhooks-per-second, and requests-per-priority-level.

The profile also includes 4 backoff/retry policies defined and response codes documented for unauthenticated, forbidden, and tooManyRequests.

Tagged areas include DevOps, CI/CD, Kubernetes, Open Source, and Rate Limiting.

5 Limits
DevOpsCI/CDKubernetesOpen SourceRate Limiting

Limits

Controller QPS to Kubernetes API tekton-controller
kube-api-requests-per-second · second
50
Default client-go QPS on the Tekton Pipelines controller; tunable via the kube-api-qps / kube-api-burst flags. Increase on large clusters with many concurrent runs.
Controller Burst to Kubernetes API tekton-controller
kube-api-burst · burst
50
Default client-go burst on the Tekton Pipelines controller; tunable via the same flags as above.
Concurrent PipelineRuns namespace
pipelineruns · simultaneous
-1
No built-in cap. Operators typically use Kubernetes ResourceQuotas (requests.cpu, pods, count/pipelineruns.tekton.dev) to bound concurrency per namespace.
EventListener Throughput eventlistener
webhooks-per-second · second
-1
Sized by the EventListener Sink replica count and the underlying ingress / load balancer. No application-level rate limit; place IP- or token-level limits at ingress.
API Priority and Fairness kubernetes-api-server
requests-per-priority-level · simultaneous
-1
Kubernetes APF assigns Tekton controller traffic to a flow-schema; tune APF to give Tekton appropriate share of in-flight slots in busy clusters.

Policies

Operator-Imposed Rate Limiting
Place an ingress / API gateway in front of Tekton Triggers EventListeners and the Tekton Dashboard, applying per-source-IP and per-token rate limits suitable for your tenancy.
APF Tuning
For large clusters, configure Kubernetes API Priority and Fairness flow-schemas to allocate sufficient concurrency to the Tekton Pipelines controller (system service-account targeting tekton-pipelines namespace).
Resource Quotas
Apply ResourceQuotas and LimitRanges per namespace to bound concurrent PipelineRuns and the resources they consume.
Hub Public Surface
The public Tekton Hub at hub.tekton.dev is governed by its hosting provider; rate limits are not contractually published.

Sources