I need to implement rate limiting (based on URL and path) on applications deployed on a Kubernetes cluster (EKS).
I'm looking for a managed way that involves the least scripting and provides an interface through which to manage rate limits for different applications.
That system should be able to work accurately at the enterprise level.
Can somebody please suggest the path/tool/framework to follow in order to achieve it?
In a Kubernetes environment, rate limiting is traditionally applied at the ingress layer, restricting the number of requests that an external user can make into the cluster. However, applications with a microservices architecture might also want to apply rate limits between their workloads running inside the cluster.
Kubernetes Ingress is an API object that provides routing rules to manage external users' access to the services in a Kubernetes cluster, typically via HTTPS/HTTP. With Ingress, you can easily set up rules for routing traffic without creating a bunch of Load Balancers or exposing each service on the node.
Rate limiting is matching the flow of traffic to your infrastructure's capacity. There are two parameters to take into account. The rate is the number of requests received by the proxy per unit of time, and the burst is the absolute number of requests held by the middleware.
Rate-limiting is available in NGINX Ingress by using correct annotations. Available options are:
- nginx.ingress.kubernetes.io/limit-connections: number of concurrent connections allowed from a single IP address. A 503 error is returned when exceeding this limit.
- nginx.ingress.kubernetes.io/limit-rps: number of requests accepted from a given IP each second. The burst limit is set to this limit multiplied by the burst multiplier; the default multiplier is 5. When clients exceed this limit, limit-req-status-code default: 503 is returned.
- nginx.ingress.kubernetes.io/limit-rpm: number of requests accepted from a given IP each minute. The burst limit is set to this limit multiplied by the burst multiplier; the default multiplier is 5. When clients exceed this limit, limit-req-status-code default: 503 is returned.
- nginx.ingress.kubernetes.io/limit-burst-multiplier: multiplier of the limit rate for burst size. The default burst multiplier is 5; this annotation overrides the default multiplier. When clients exceed this limit, limit-req-status-code default: 503 is returned.
- nginx.ingress.kubernetes.io/limit-rate-after: initial number of kilobytes after which the further transmission of a response to a given connection will be rate limited. This feature must be used with proxy-buffering enabled.
- nginx.ingress.kubernetes.io/limit-rate: number of kilobytes per second allowed to send to a given connection. The zero value disables rate limiting. This feature must be used with proxy-buffering enabled.
- nginx.ingress.kubernetes.io/limit-whitelist: client IP source ranges to be excluded from rate-limiting. The value is a comma separated list of CIDRs.

You can read more about NGINX rate limiting here and for NGINX rate limiting in Kubernetes in this guide.
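
As an added example (not part of the original answer), the manifests below apply the annotations listed above to two paths of one host, with a tighter limit on the login path. The host, namespace, service names, ports, CIDR ranges and limit values are hypothetical; only the annotation keys come from the answer.

```yaml
# Added example: all names and values are hypothetical placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-login                 # strict limit for the authentication path
  namespace: shop
  annotations:
    nginx.ingress.kubernetes.io/limit-rpm: "30"              # 30 requests per minute per client IP
    nginx.ingress.kubernetes.io/limit-burst-multiplier: "2"  # burst = 30 * 2 = 60 (default multiplier is 5)
    nginx.ingress.kubernetes.io/limit-connections: "5"       # concurrent connections per client IP
spec:
  ingressClassName: nginx
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /login
            pathType: Prefix
            backend:
              service:
                name: auth
                port:
                  number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-api                   # looser limit for general API traffic
  namespace: shop
  annotations:
    nginx.ingress.kubernetes.io/limit-rps: "20"   # burst = 20 * 5 = 100 with the default multiplier
    # Internal ranges excluded from rate limiting (constructed sample CIDRs)
    nginx.ingress.kubernetes.io/limit-whitelist: "10.0.0.0/8,192.168.0.0/16"
spec:
  ingressClassName: nginx
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: catalog
                port:
                  number: 8080
```

The annotations apply to every path in the Ingress object that carries them, which is why each path with its own limit gets its own object. Each controller pod keeps its own counters, so with several replicas the effective cluster-wide limit is higher than the configured value.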