Kong ingress controller rate-limit plugin seems to ignore consumer

I’m unable to make the rate-limiting plugin work at consumer level.

I have installed kong ingress controller using:
kubectl apply -f https://bit.ly/kong-ingress-dbless

as stated int the docs. I’m using my minikube (minikube version: v1.0.1)

We would like to have rate-limiting based on consumer on specific service.
These are the steps:

kubectl create secret generic ron-apikey --from-literal=kongCredType=key-auth --from-literal=key=ron-sooper-secret-key

echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: ron
 username: ron
 credentials:
  - ron-apikey" | kubectl apply -f -

echo "
apiVersion: configuration.konghq.com/v1
config:
  month: 5000
  policy: local
  second: 50
consumerRef: ron
kind: KongPlugin
metadata:
  name: rate-limit-consumer
  namespace: default
plugin: rate-limiting
" | kubectl apply -f -

then I associated
plugins.konghq.com: rate-limit-consumer
as an annotation to an ingress I am using.

When I
curl -i $PROXY_IP/foo | grep X-RateLimit

I see rate limiting applied even if I am not giving Consumer api-key in input.

Any help appreciated.

I’m not sure how you landed on that old doc.

Please follow the following doc:

Thanks @hbagdi for your reply,

unfortunately that does not seem to work either. Maybe I’m missing something. Thse are the steps to reproduce:

	kubectl create secret generic harry-apikey --from-literal=kongCredType=key-auth --from-literal=key=my-sooper-secret-key

	echo "
	apiVersion: configuration.konghq.com/v1
	kind: KongPlugin
	metadata:
	  name: global-rate-limit
	  labels:
	    global: \"true\"
	config:
	  minute: 5
	  limit_by: consumer
	  policy: local
	plugin: rate-limiting
	" | kubectl apply -f -

	echo "
	apiVersion: configuration.konghq.com/v1
	kind: KongPlugin
	metadata:
	  name: harry-rate-limit
	config:
	  minute: 10
	  limit_by: consumer
	  policy: local
	plugin: rate-limiting
	" | kubectl apply -f -

	echo "apiVersion: configuration.konghq.com/v1
	kind: KongConsumer
	metadata:
	  name: harry
	  annotations:
	    plugins.konghq.com=harry-rate-limit
	username: harry
	credentials:
	- harry-apikey" | kubectl apply -f -

If I call using the api key I get the global rate limiting:

curl -I -H 'apikey: my-sooper-secret-key' $PROXY_IP/foo/status/200

HTTP/1.1 200 OK

Content-Type: text/plain; charset=UTF-8

Connection: keep-alive

X-Cache-Key: d89fa27e41ad3a4f909005c69dd915c2

X-Cache-Status: Bypass

Date: Fri, 21 Feb 2020 08:40:27 GMT

Server: echoserver

X-RateLimit-Limit-minute: 5

X-RateLimit-Remaining-minute: 4

X-Kong-Upstream-Latency: 0

X-Kong-Proxy-Latency: 1

Via: kong/1.4.3

Please let me know if I am doing something wrong.

plugins.konghq.com=harry-rate-limit


That's wrong yaml.

Thanks @hbagdi

that’s a typo (kubectl does not even let you create a Kong Consumer with “=” instead of “:” )

You can easily replicate steps above and check that rate limiting by consumer is not overriding the global rate limiting plugin

Please let me know: this feature is quite blocking for kong adoption for us. Should we use another version?

Have you actually enabled key-auth plugin on your ingress or service?
It seems not, and that’s why you are seeing this behavior. Please read the full guide I’ve pasted above and follow step by step instructions.

Thanks @hbagdi

I didn’t get that without api auth consumer based rate-limiting did not apply.

It works now

Thanks again for your time


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ