Clair should implement some sort of rate limiting mechanism to prevent itself from becoming overwhelmed in the event of a large volume of requests.  Currently Clair is expecting the client (e.g. quay) to be well behaved and govern the amount of requests being sent.

The Clair APIs should return a 429 when the number of requests from the same IP address arriving within a specific (short) amount of time exceeds a configurable number.

This is something that we need to add prior to standing up Clair V4 in production for quay.io.