Home / Kong Operator / Konnect / Get Started
Edit
Report

Apply Rate Limiting

Uses: Kong Operator
Incompatible with
on-prem
Related Documentation
Operator Documentation
In This Series
  1. Install Kong Operator
  2. Create API Authentication
  3. Create a control plane
  4. Deploy a data plane
  5. Create a Service and Route
  6. Apply Rate Limiting
  7. Enable Proxy Caching
  8. Enable Key Authentication
TL;DR

Use the KongPlugin resource to attach the rate-limiting plugin to a service or route.

Prerequisites

Series Prerequisites

This page is part of the Get Started with the Kong Gateway Operator series.

Complete the previous page, Create a Service and Route before completing this page.

Rate limiting is used to control the rate of requests sent to an upstream service. It can be used to prevent DoS attacks, limit web scraping, and other forms of overuse. Without rate limiting, clients have unlimited access to your upstream services, which may negatively impact availability.

Kong Gateway imposes rate limits on clients through the Rate Limiting plugin. When rate limiting is enabled, clients are restricted in the number of requests that can be made in a configurable period of time. The plugin supports identifying clients as consumers based on authentication or by the client IP address of the requests.

This tutorial uses the Rate Limiting plugin. The Rate Limiting Advanced plugin is also available. The advanced version provides additional features such as support for the sliding window algorithm and advanced Redis support for greater performance.

Create a new KongPlugin

The KongPlugin resource lets you configure and attach plugins like rate-limiting to services or routes in Konnect.

The following example enables rate limiting on a route with the following settings:

  • 5 requests per minute
  • Shared across consumers (no per-consumer limits)
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
plugin: rate-limiting
config:
  minute: 5
  policy: local
" | kubectl apply -f -

Next, apply the KongPlugin resource by annotating the KongRoute resource:

kubectl annotate -n kong kongroute route konghq.com/plugins=rate-limiting

Get the Proxy IP

Retrieve the external IP address of the deployed data plane:

NAME=$(kubectl get -o yaml -n kong service | yq '.items[].metadata.name | select(contains("dataplane-ingress"))')
export PROXY_IP=$(kubectl get svc -n kong $NAME -o jsonpath='{range .status.loadBalancer.ingress[0]}{@.ip}{@.hostname}{end}')
echo $PROXY_IP

Validation

After the plugin is applied, try sending more than 5 requests in a single minute to echo-route. You should begin receiving 429 Too Many Requests responses once the limit is exceeded.

To test the rate-limiting plugin, rapidly send six requests to $PROXY_IP/anything:

for _ in {1..6}; do
  curl  -i $PROXY_IP/anything  
  echo
done

On the last request, you should get a 429 response with the message API rate limit exceeded.

← Previous 5. Create a Service and Route Next → 7. Enable Proxy Caching
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support