1

I am working with nginx-ingress-controller (this is not the same that ingress-nginx )

I have this ingress file

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-test"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/location-snippets: |
      limit_req zone=by_web;
spec:
  ingressClassName: nginx
  rules:
    - host: my.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
  tls:
    - hosts:
        - my.domain.com
      secretName: quickstart-example-tls

I was able to define a limit_req using nginx.org/location-snippets.

How can I define the limit_req_zone?

limit_req_zone $request_uri zone=by_web:10m rate=60r/m;

Regards.

JuanPablo
  • 23,792
  • 39
  • 118
  • 164

1 Answers1

0

According to this article from official documentation, you can define limit_req_zone by adding following ConfigMap keys to location-snippets and server-snippets annotations:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-test"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/location-snippets: |
      geo $limit {
        default 1;
        10.0.0.0/8 0;
        192.168.0.0/24 0;
      }
      map $limit $request_uri {
        default '';
        '1'     $binary_remote_addr; 
      }
      limit_req_zone $request_uri zone=by_web:10m rate=1r/s;
    nginx.org/server-snippets: |
      location / {
        limit_req zone=by_web burst=10 nodelay;
      }
spec:
  ingressClassName: nginx
  rules:
    - host: my.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
  tls:
    - hosts:
        - my.domain.com
      secretName: quickstart-example-tls

So this will let you rate limit to be defined on requests from anyone who is not on an “allowlist”

Bazhikov
  • 765
  • 3
  • 11