Ingress controller rules not flexible enough

I have been using Kong in ECS to great effect with manual rules I have set up using the REST/API. The rules are something like this:

HOST: service.one → Rate Limit 1000/second
HOST: service.one + api-key: 1234-5678 → Rate Limit 10,000/second
HOST: service.one + api-key: 1234-5678 + PATH: /special-path/* → Rate Limit 150,000/second

There are no examples that I can find on how to configure multiple Ingress rules to the same service and have those rules yield different rate limits. I can do this easily with the REST/API.

I have only been able to successfully configure Kong Ingress in the following way:

SERVICE: service.one
KongPlugin_1: rate-limiting second: 1000

INGRESS: ingress.one with annotations:
– kubernetes.io/ingress.class: kong
– Kong Hub | Plugins and Integrations | Kong - Open-Source API Management and Microservice Management KongPlugin_1

KONG_INGRESS:
route:
hosts:
- service.one
headers:
api-key:
- 1234-5678

And if I try to add any additional ingress pointing to the same service, only the last rule wins. There is no way to merge a hierarchy of rules.

You will want to use consumers with auth plugins and credentials rather than the header-based routes in your example.

With those, you can take advantage of plugin precedence rules to create the 1k/s plugin on the Service only, the 10k/s plugin on the Service and KongConsumer with a 1234-5678 key-auth credential, and the 150k/s plugin on the Service, Ingress with /special-path, and KongConsumer.

Attaching the same KongPlugin instance to multiple resources will create a plugin that attached to each generated Kong resource.