Rate limit the whole mesh Simplify your per service configuration, by configuring the ratelimit service backend for the whole mesh. Configuration Kubernetes Universal Terraform apiVersion: kuma.io/v1alpha1 kind: MeshGlobalRateLimit metadata: name: ratelimit-backend namespace: kong-mesh-system labels: kuma.io/mesh: default spec: targetRef: kind: Mesh from: - targetRef: kind: Mesh default: http: onRateLimit: status: 423 headers: set: - name: x-kuma-rate-limited value: 'true' mode: Limit backend: rateLimitService: url: http://kong-mesh-ratelimit-service:10003 timeout: 25ms type: MeshGlobalRateLimit name: ratelimit-backend mesh: default spec: targetRef: kind: Mesh from: - targetRef: kind: Mesh default: http: onRateLimit: status: 423 headers: set: - name: x-kuma-rate-limited value: 'true' mode: Limit backend: rateLimitService: url: http://kong-mesh-ratelimit-service:10003 timeout: 25ms Please adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration. resource "konnect_mesh_global_rate_limit" "ratelimit_backend" { provider = konnect-beta type = "MeshGlobalRateLimit" name = "ratelimit-backend" spec = { target_ref = { kind = "Mesh" } from = [ { target_ref = { kind = "Mesh" } default = { http = { on_rate_limit = { status = "423" headers = { set = [ { name = "x-kuma-rate-limited" value = "true" } ] } } } mode = "Limit" backend = { rate_limit_service = { url = "http://kong-mesh-ratelimit-service:10003" timeout = "25ms" } } } } ] } labels = { "kuma.io/mesh" = konnect_mesh.my_mesh.name } cp_id = konnect_mesh_control_plane.my_meshcontrolplane.id mesh = konnect_mesh.my_mesh.name }
