How to apply multiple rate limits for a single service

Hi Team,

I have service and I need to limit the API based on users and organization.

Example : User A and User B belongs same OrgA. ANy user can access the API 5 times a day and Organization can access the API 8 times a day.

Service

apiVersion: v1
kind: Service
metadata:
  name: kong-my-app
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: rate-limiting-myapp-1, rate-limiting-myapp
  labels:
    run: kong-my-app
spec:
  type: NodePort
  ports:
  - nodePort: 31687
    port: 8200
    protocol: TCP
  selector:
    run: kong-my-app

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting-myapp-1
config:
  hour: 8
  limit_by: header
  header_name: 'x-org-id'
  policy: local
plugin: rate-limiting

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting-myapp
config:
  hour: 5
  limit_by: header
  header_name: 'x-user-id'
  policy: local
plugin: rate-limiting

**

Service is picking the last plugin provided in the annotation. is it possible to apply same plugin of two variant ?
Please help me if we have any other way to do.

Thanks,
Abdul Razak

Yes. You can create two ingress resources with the plugins and both send to the same service.

Hi @danilo.bondezan

I have created two ingress resources with the same service, but rate-limiter-plugin is different in ingress.

One ingress resources was having rate-limiter by user and another one was having rate-limiter by organization. I was expecting service to have both the rate limits, but unfortunately its having only one of the rate limiter.

ingress-1

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress-1
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: rate-limiting-myapp-1
spec:
  rules:
  - http:
      paths:
      - pathType: ImplementationSpecific
        path: /my-app
        backend:
          service:
            name: kong-my-app
            port:
              number: 8200

ingress-2

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress-2
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: rate-limiting-myapp-2
spec:
  rules:
  - http:
      paths:
      - pathType: ImplementationSpecific
        path: /my-app
        backend:
          service:
            name: kong-my-app
            port:
              number: 8200

rate-limiter-1

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting-myapp-1
config:
  minute: 5
  limit_by: header
  header_name: 'x-user-id'
  policy: local
plugin: rate-limiting

rate-limiter-2

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting-myapp-2
config:
  minute: 10
  limit_by: header
  header_name: 'x-org-id'
  policy: local
plugin: rate-limiting

In kong documentation, it was mentioned that, we can apply multiple limits in Rate-limiting-advanced plugin. is it so ?. is there any way to apply it in free tier ?
Tip: The Rate Limiting Advanced plugin provides the ability to apply multiple limits in sliding or fixed windows.

The multiple limits mentioned on the doc is related to multiple windows.

For example, you can set 50 requests per hour and 5 per minute.

X-Ratelimit-Limit-Hour: 50
X-Ratelimit-Limit-Minute: 5
X-Ratelimit-Remaining-Hour: 49
X-Ratelimit-Remaining-Minute: 4

For your use case, I reckon you should apply rate limiting plugin on consumer.