Home / Kong Gateway Operator / Konnect / Get Started
Edit
Report

Apply Rate Limiting

Uses: Kong Gateway Operator
Related Documentation
All Operator Documentation
Incompatible with
on-prem
In This Series
  1. Install Kong Gateway Operator
  2. Create API Authentication
  3. Create a Control Plane
  4. Create a Service and Route
  5. Apply Rate Limiting
  6. Enable Proxy Caching
  7. Key Authentication
TL;DR

Use the KongPlugin resource to attach the rate-limiting plugin to a service or route.

Prerequisites

Series Prerequisites

This page is part of the Get Started with the Kong Gateway Operator series.

Complete the previous page, Create a Service and Route before completing this page.

About rate limiting

Rate limiting is used to control the rate of requests sent to an upstream service. It can be used to prevent DoS attacks, limit web scraping, and other forms of overuse. Without rate limiting, clients have unlimited access to your upstream services, which may negatively impact availability.

Kong Gateway imposes rate limits on clients through the Rate Limiting plugin. When rate limiting is enabled, clients are restricted in the number of requests that can be made in a configurable period of time. The plugin supports identifying clients as consumers based on authentication or by the client IP address of the requests.

This tutorial uses the Rate Limiting plugin. The Rate Limiting Advanced plugin is also available. The advanced version provides additional features such as support for the sliding window algorithm and advanced Redis support for greater performance.

Create a new KongPlugin

The KongPlugin resource lets you configure and attach plugins like rate-limiting to services or routes in Konnect.

The following example enables rate limiting on a route with the following settings:

  • 5 requests per minute
  • Shared across consumers (no per-consumer limits)
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
plugin: rate-limiting
config:
  minute: 5
  policy: local
" | kubectl apply -f -

Next, apply the KongPlugin resource by annotating the KongKongroute resource:

kubectl annotate -n kong  route konghq.com/plugins=rate-limiting

Deploy a Data Plane

Apply a DataPlane resource to deploy a Kong Gateway instance that connects to your Konnect Control Plane:

echo '
apiVersion: gateway-operator.konghq.com/v1beta1
kind: DataPlane
metadata:
  name: dataplane-example
  namespace: kong
spec:
  extensions:
  - kind: KonnectExtension
    name: my-konnect-config
    group: konnect.konghq.com
  deployment:
    podTemplateSpec:
      spec:
        containers:
        - name: proxy
          image: kong/kong-gateway:3.10
' | kubectl apply -f -

Get the Proxy IP

Retrieve the external IP address of the deployed Data Plane service:

NAME=$(kubectl get -o yaml -n kong service | yq '.items[].metadata.name | select(contains("dataplane-ingress"))')
export PROXY_IP=$(kubectl get svc -n kong $NAME -o jsonpath='{range .status.loadBalancer.ingress[0]}{@.ip}{@.hostname}{end}')
curl -i $PROXY_IP

Validation

After the plugin is applied, try sending more than 5 requests in a single minute to echo-route. You should begin receiving 429 Too Many Requests responses once the limit is exceeded.

To test the rate-limiting plugin, rapidly send six requests to $PROXY_IP/anything:

for _ in {1..6}; do
  curl  -i $PROXY_IP/anything  
  echo
done

On the last request, you should get a 429 response with the message API rate limit exceeded.

← Previous 4. Create a Service and Route Next → 6. Enable Proxy Caching
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support