I am trying to implement the rate limit by IP address based on the user type (i.e register users/non register users) in Kubernetes ingress controller. I have created the two Key Authentication and rate limit plugin, apply the same to the ingress controller but the rate limit was not set based on the key-auth plugin. Please let me know how can we apply the rate limit plugin based on the user type.
Could you share the plugin configuration manifests you have, and examples of what requests you’re sending (e.g. curl output or similar) that demonstrate the unexpected behavior?
In general, the rate-limiting plugin will limit by some criteria (in your case, probably
limit_by = credential or
limit_by = consumer), and if those criteria are not available, it will fall back to identifying clients by their IP. If this is a single plugin configuration, the same limit will apply to all users, but it should be accounted based on their identified credential or consumer when available.
If you want to instead apply different limits to identified and unknown/IP-only users, you’d normally create multiple rate-limiting configurations, one applied to the route/service only (to apply generic limits to unidentified clients) and then one or more applied to route+consumer (to apply specific limits to identified clients). The latter are handled by adding annotations for that plugin configuration to both the KongConsumer and to the Ingress (or Service).
Thanks for your update.
I will update the configuration file. However, In my case the consumer or credential plugin should create from UI service (i.e dynamically) if the user sign-up or register. Is it possible with Kong Ingress controller?
The controller/Kong don’t provide a means for self-service consumer registration/integration on their own–they’re aware of what consumers and associated plugin configuration exist, but they don’t handle creation of those consumers.
Our Enterprise suite does offer that via the Developer Portal–you may be particularly interested in the application registration capabilities introduced in 1.5.