This user guide shows how to configure rate limiting for one of the subdomains.
git clone https://github.com/Kuadrant/kuadrant-controller
This step creates a containerized Kubernetes server locally using Kind, then it installs Istio, Kubernetes Gateway API and kuadrant.
make local-setup
kubectl apply -f examples/toystore/toystore.yaml
kubectl apply -f - <<EOF
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
name: toystore
labels:
app: toystore
spec:
parentRefs:
- name: istio-ingressgateway
namespace: istio-system
hostnames: ["*.toystore.com"]
rules:
- matches:
- path:
type: PathPrefix
value: "/toy"
method: GET
backendRefs:
- name: toystore
port: 80
EOFcurl -v -H 'Host: api.toystore.com' http://localhost:9080/toy
It should return 200 OK.
Note: This only works out of the box on linux environments. If not on linux, you may need to forward ports
kubectl port-forward -n kuadrant-system service/kuadrant-gateway 9080:80
RateLimitPolicy applied for the toystore HTTPRoute.
| Hostname | Rate Limits |
|---|---|
rate-limited.toystore.com |
5 reqs / 10 secs (0.5 rps) |
*.toystore.com |
not rate limited |
kubectl apply -f - <<EOF
---
apiVersion: apim.kuadrant.io/v1alpha1
kind: RateLimitPolicy
metadata:
name: toystore
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: toystore
rateLimits:
- rules:
- hosts: ["rate-limited.toystore.com"]
configurations:
- actions:
- generic_key:
descriptor_key: "limited"
descriptor_value: "1"
limits:
- conditions:
- "limited == 1"
maxValue: 5
seconds: 10
variables: []
EOFOnly 5 requests every 10 secs on rate-limited.toystore.com allowed.
curl -v -H 'Host: rate-limited.toystore.com' http://localhost:9080/toy
Whereas other.toystore.com is not rate limited.
curl -v -H 'Host: other.toystore.com' http://localhost:9080/toy