コンテンツにスキップ
|
Kong Ingress Controller
3.0.x
report-issue問題を報告する

このページは、まだ日本語ではご利用いただけません。翻訳中です。

旧バージョンのドキュメントを参照しています。 最新のドキュメントはこちらをご参照ください。

Rate Limiting

Rate limiting is used to control the rate of requests sent to an upstream service. It can be used to prevent DoS attacks, limit web scraping, and other forms of overuse. Without rate limiting, clients have unlimited access to your upstream services, which may negatively impact availability.

Kong Gateway imposes rate limits on clients through the Rate Limiting plugin. When rate limiting is enabled, clients are restricted in the number of requests that can be made in a configurable period of time. The plugin supports identifying clients as consumers based on authentication or by the client IP address of the requests.

Create a rate-limiting KongPlugin

Configuring plugins with Kong Ingress Controller is different compared to how you’d do it with Kong Gateway. Rather than attaching a configuration directly to a service or route, you create a KongPlugin definition and then annotate your Kubernetes resource with the konghq.com/plugins annotation.

This tutorial uses the Rate Limiting plugin. The Rate Limiting Advanced plugin is also available. The advanced version provides additional features such as support for the sliding window algorithm and advanced Redis support for greater performance.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limit-5-min
  annotations:
    kubernetes.io/ingress.class: kong
config:
  minute: 5
  policy: local
plugin: rate-limiting
" | kubectl apply -f -

Associate the plugin with a service or route

Plugins can be linked to a service or a route. Adding a rate limit plugin to a service shares the limit across all routes contained within that service.

kubectl annotate service echo konghq.com/plugins=rate-limit-5-min

Alternatively you can add the rate limit plugin to a route. Adding a rate limit plugin to a route sets a rate limit per-route.

kubectl annotate httproute echo konghq.com/plugins=rate-limit-5-min

kubectl annotate ingress echo konghq.com/plugins=rate-limit-5-min

Test the rate-limiting plugin

To test the rate-limiting plugin, rapidly send six requests to $PROXY_IP/echo:

for i in `seq 6`; do curl -sv $PROXY_IP/echo 2>&1 | grep "< HTTP"; done

The final request receives a HTTP 429 error.

< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 429 Too Many Requests

This shows that the rate limiting plugin is preventing the request from reaching the upstream service.

Further reading

For more information about rate limiting, see scale to multiple pods in the Rate Limiting plugin documentation.