K
Q

Kubernetes Nginx Ingress Rate Limiting

3/10/2021

I'm looking to use annotations like below for rate limiting for DDOS protection

nginx.ingress.kubernetes.io/limit-connections: "50"
nginx.ingress.kubernetes.io/limit-rps: "10"
nginx.ingress.kubernetes.io/limit-rpm: "100"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "20"

My question: These solutions rate limit by IP Address.

Could there be situations where many users (proxy) under one IP address and therefore many users get the one set of rates and thus it affects there usage?

Or is it really one user per IP address?

thanks

-- Adam
kubernetes

Similar Questions

How to set fields that are not exposed in PodTemplate but available in YAML format for Jenkins?
Kubernetes: kubeadm join in master node fail
How to use Ambassador api gateway as a PostgreSQL-aware proxy?
Mongo kubernetes securing
Https certificates and Kubernetes (EKS)

1 Answer

3/10/2021

Nginx ingress uses the A leaky bucket, FIFO queue for the rate-limiting.

Nginx ingress has some limitations like :

  • Requests are counted by client IP, which is not accurate. Not much useful when you want rate-limiting by user identity.
  • It is not easy to monitor rejected requests

By using this you can stop a certain amount of requests it's not accurate you can try with POC.

There is one nice article on rate limiting with Nginx : https://medium.com/titansoft-engineering/rate-limiting-for-your-kubernetes-applications-with-nginx-ingress-2e32721f7f57#:~:text=When%20we%20use%20NGINX%20ingress,configure%20rate%20limits%20with%20annotations.&text=As%20an%20example%20above%2C%20the,qps)%20on%20the%20Hello%20service.

-- Harsh Manvar
Source: StackOverflow