I’m unable to make the rate-limiting plugin work at consumer level.
I have installed kong ingress controller using:
kubectl apply -f https://bit.ly/kong-ingress-dbless
as stated int the docs. I’m using my minikube (minikube version: v1.0.1)
We would like to have rate-limiting based on consumer on specific service.
These are the steps:
kubectl create secret generic ron-apikey --from-literal=kongCredType=key-auth --from-literal=key=ron-sooper-secret-key
echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: ron
username: ron
credentials:
- ron-apikey" | kubectl apply -f -
echo "
apiVersion: configuration.konghq.com/v1
config:
month: 5000
policy: local
second: 50
consumerRef: ron
kind: KongPlugin
metadata:
name: rate-limit-consumer
namespace: default
plugin: rate-limiting
" | kubectl apply -f -
then I associated
plugins.konghq.com: rate-limit-consumer
as an annotation to an ingress I am using.
When I
curl -i $PROXY_IP/foo | grep X-RateLimit
I see rate limiting applied even if I am not giving Consumer api-key in input.
Any help appreciated.
hbagdi
February 20, 2020, 11:18pm
2
I’m not sure how you landed on that old doc.
Please follow the following doc:
# Using KongPlugin resource
In this guide, we will learn how to use KongPlugin resource to configure
plugins in Kong to modify requests for a specific request path.
The guide will cover configuring a plugin for a specific service, a set of Ingress rules
and for a specific user of the API.
## Installation
Please follow the [deployment](../deployment) documentation to install
Kong Ingress Controller onto your Kubernetes cluster.
## Testing connectivity to Kong
This guide assumes that `PROXY_IP` environment variable is
set to contain the IP address or URL pointing to Kong.
If you've not done so, please follow one of the
[deployment guides](../deployment) to configure this environment variable.
If everything is setup correctly, making a request to Kong should return
This file has been truncated. show original
Thanks @hbagdi for your reply,
unfortunately that does not seem to work either. Maybe I’m missing something. Thse are the steps to reproduce:
kubectl create secret generic harry-apikey --from-literal=kongCredType=key-auth --from-literal=key=my-sooper-secret-key
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: global-rate-limit
labels:
global: \"true\"
config:
minute: 5
limit_by: consumer
policy: local
plugin: rate-limiting
" | kubectl apply -f -
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: harry-rate-limit
config:
minute: 10
limit_by: consumer
policy: local
plugin: rate-limiting
" | kubectl apply -f -
echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: harry
annotations:
plugins.konghq.com=harry-rate-limit
username: harry
credentials:
- harry-apikey" | kubectl apply -f -
If I call using the api key I get the global rate limiting:
curl -I -H 'apikey: my-sooper-secret-key' $PROXY_IP/foo/status/200
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
X-Cache-Key: d89fa27e41ad3a4f909005c69dd915c2
X-Cache-Status: Bypass
Date: Fri, 21 Feb 2020 08:40:27 GMT
Server: echoserver
X-RateLimit-Limit-minute: 5
X-RateLimit-Remaining-minute: 4
X-Kong-Upstream-Latency: 0
X-Kong-Proxy-Latency: 1
Via: kong/1.4.3
Please let me know if I am doing something wrong.
hbagdi
February 25, 2020, 5:54pm
4
plugins.konghq.com=harry-rate-limit
That's wrong yaml.
Thanks @hbagdi
that’s a typo (kubectl does not even let you create a Kong Consumer with “=” instead of “:” )
You can easily replicate steps above and check that rate limiting by consumer is not overriding the global rate limiting plugin
Please let me know: this feature is quite blocking for kong adoption for us. Should we use another version?
hbagdi
February 26, 2020, 5:56pm
6
Have you actually enabled key-auth plugin on your ingress or service?
It seems not, and that’s why you are seeing this behavior. Please read the full guide I’ve pasted above and follow step by step instructions.
Thanks @hbagdi
I didn’t get that without api auth consumer based rate-limiting did not apply.
It works now
Thanks again for your time