I’m unable to make the rate-limiting plugin work at consumer level.
I have installed kong ingress controller using:kubectl apply -f https://bit.ly/kong-ingress-dbless
as stated int the docs. I’m using my minikube (minikube version: v1.0.1)
We would like to have rate-limiting based on consumer on specific service.
kubectl create secret generic ron-apikey --from-literal=kongCredType=key-auth --from-literal=key=ron-sooper-secret-key
echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: ron
username: ron
credentials:
- ron-apikey" | kubectl apply -f -
echo "
apiVersion: configuration.konghq.com/v1
config:
month: 5000
policy: local
second: 50
consumerRef: ron
kind: KongPlugin
metadata:
name: rate-limit-consumer
namespace: default
plugin: rate-limiting
" | kubectl apply -f -
then I associatedplugins.konghq.com: rate-limit-consumer
When Icurl -i $PROXY_IP/foo | grep X-RateLimit
I see rate limiting applied even if I am not giving Consumer api-key in input.
Any help appreciated.
hbagdi
February 20, 2020, 11:18pm
2
I’m not sure how you landed on that old doc.
Please follow the following doc:
# Using KongPlugin resource
In this guide, we will learn how to use KongPlugin resource to configure
plugins in Kong to modify requests for a specific request path.
The guide will cover configuring a plugin for a specific service, a set of Ingress rules
and for a specific user of the API.
## Installation
Please follow the [deployment](../deployment) documentation to install
Kong Ingress Controller onto your Kubernetes cluster.
## Testing connectivity to Kong
This guide assumes that `PROXY_IP` environment variable is
set to contain the IP address or URL pointing to Kong.
If you've not done so, please follow one of the
[deployment guides](../deployment) to configure this environment variable.
If everything is setup correctly, making a request to Kong should return
show original
Thanks @hbagdi for your reply,
unfortunately that does not seem to work either. Maybe I’m missing something. Thse are the steps to reproduce:
kubectl create secret generic harry-apikey --from-literal=kongCredType=key-auth --from-literal=key=my-sooper-secret-key
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: global-rate-limit
labels:
global: \"true\"
config:
minute: 5
limit_by: consumer
policy: local
plugin: rate-limiting
" | kubectl apply -f -
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: harry-rate-limit
config:
minute: 10
limit_by: consumer
policy: local
plugin: rate-limiting
" | kubectl apply -f -
echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: harry
annotations:
plugins.konghq.com=harry-rate-limit
username: harry
credentials:
- harry-apikey" | kubectl apply -f -
If I call using the api key I get the global rate limiting:
curl -I -H 'apikey: my-sooper-secret-key' $PROXY_IP/foo/status/200
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
X-Cache-Key: d89fa27e41ad3a4f909005c69dd915c2
X-Cache-Status: Bypass
Date: Fri, 21 Feb 2020 08:40:27 GMT
Server: echoserver
X-RateLimit-Limit-minute: 5
X-RateLimit-Remaining-minute: 4
X-Kong-Upstream-Latency: 0
X-Kong-Proxy-Latency: 1
Via: kong/1.4.3
Please let me know if I am doing something wrong.
hbagdi
February 25, 2020, 5:54pm
4
plugins.konghq.com=harry-rate-limit
That's wrong yaml.
Thanks @hbagdi
that’s a typo (kubectl does not even let you create a Kong Consumer with “=” instead of “:” )
You can easily replicate steps above and check that rate limiting by consumer is not overriding the global rate limiting plugin
Please let me know: this feature is quite blocking for kong adoption for us. Should we use another version?
hbagdi
February 26, 2020, 5:56pm
6
Have you actually enabled key-auth plugin on your ingress or service?
Thanks @hbagdi
I didn’t get that without api auth consumer based rate-limiting did not apply.
It works now
Thanks again for your time