2

I am trying to implement rate limiting feature to my AKS using nginx ingress rate limiting. I have just provided limit-rps:10 in nginx ingress resource. Still, i dont see expected behavior which is rps * default burst rate. Could somebody help on how rate limiting works in nginx and how to set the configuration in nginx resource?

kind: Ingress
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/limit-rpm":"1","nginx.ingress.kubernetes.io/proxy-body-size":"30m","nginx.ingress.kubernetes.io/rewrite-target":"/$2","nginx.ingress.kubernetes.io/ssl-redirect":"false"},"name":"hop-ingress","namespace":"default"},"spec":{"rules":[{"http":{"paths":[{"backend":{"serviceName":"example-service","servicePort":80},"path":"/"}]}}]}}
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/limit-connections: "1"
    nginx.ingress.kubernetes.io/limit-rps: "1"
    nginx.ingress.kubernetes.io/proxy-body-size: 30m
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  creationTimestamp: "2021-08-13T13:33:12Z"
  generation: 2
  name: hop-ingress
  namespace: default
  resourceVersion: "21201898"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/hop-ingress
  uid: 574f4cf5-6b66-414f-ba2c-3c36c9d62ef0
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: example-service
          servicePort: 80
        path: /
        pathType: ImplementationSpecific
  - http:
      paths:
      - backend:
          serviceName: productpage
          servicePort: 9080
        path: /productpage(/|$)(.*)
        pathType: ImplementationSpecific
status:
  loadBalancer:
    ingress:
    - ip: 13.71.57.131
danielorn
  • 5,254
  • 1
  • 18
  • 31
guru
  • 97
  • 1
  • 8

1 Answers1

3

limit-rps is a local rate limit settings that is applied on a specific ingress object rather than in a config map provided to the ingress controller.

It will limit the number of requests per second from an IP adress:

nginx.ingress.kubernetes.io/limit-rps: number of requests accepted from a given IP each second. The burst limit is set to this limit multiplied by the burst multiplier, the default multiplier is 5. When clients exceed this limit, limit-req-status-code default: 503 is returned.

Please se below for a dummy example. As you can see nginx.ingress.kubernetes.io/limit-rps: 10 is added under metadata.annotations on the ingress object

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/limit-rps: 10
spec:
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: Prefix
        backend:
          service:
            name: test
            port:
              number: 80

It is possible to apply global rate limiting as well, please see the manual for details

danielorn
  • 5,254
  • 1
  • 18
  • 31
  • @danielorn- Thanks for your response!!!!I have implemented above local rate limiting. I have setup limit-rps: 1 .As per my understanding ingress should reject request if request limit exceeds more than 5/sec. I am not getting 503 http code as threshold got increased. – guru Aug 18 '21 at 09:00
  • Can you please update your question with the yaml for the ingress object where you expect rate limiting? – danielorn Aug 18 '21 at 09:01
  • It must be 5 requests per second from the same IP, otherwise it will not kick in. – danielorn Aug 18 '21 at 11:50