1. Answers
  2. Apply rate limiting on services using Ingress-NGINX annotations

How do I apply rate limiting on services using Ingress-NGINX annotations?

To apply rate limiting on services using Ingress-NGINX annotations, we will create a Kubernetes Ingress resource with specific annotations that configure rate limiting. Ingress-NGINX is a popular ingress controller for Kubernetes that allows you to expose your services to the internet. By using annotations, you can configure various features, including rate limiting, directly in your Ingress resource.

Explanation

  1. Install Ingress-NGINX Controller: First, ensure that the Ingress-NGINX controller is installed in your Kubernetes cluster. You can follow the official Ingress-NGINX installation guide if you haven’t installed it yet.

  2. Create a Kubernetes Namespace: We will create a namespace for our resources.

  3. Deploy a Sample Application: We will deploy a sample application (e.g., a simple NGINX server) that we will expose through the Ingress.

  4. Create an Ingress Resource with Rate Limiting: We will create an Ingress resource with annotations to apply rate limiting.

Program

Let’s write the Pulumi program in TypeScript to achieve this:

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: {
        name: "example-namespace",
    },
});

// Deploy a sample application (NGINX server)
const appLabels = { app: "nginx" };
const deployment = new k8s.apps.v1.Deployment("nginx-deployment", {
    metadata: {
        namespace: namespace.metadata.name,
    },
    spec: {
        selector: { matchLabels: appLabels },
        replicas: 1,
        template: {
            metadata: { labels: appLabels },
            spec: {
                containers: [{
                    name: "nginx",
                    image: "nginx:1.19.6",
                    ports: [{ containerPort: 80 }],
                }],
            },
        },
    },
});

// Create a Service to expose the NGINX deployment
const service = new k8s.core.v1.Service("nginx-service", {
    metadata: {
        namespace: namespace.metadata.name,
        labels: appLabels,
    },
    spec: {
        type: "ClusterIP",
        ports: [{ port: 80, targetPort: 80 }],
        selector: appLabels,
    },
});

// Create an Ingress resource with rate limiting annotations
const ingress = new k8s.networking.v1.Ingress("nginx-ingress", {
    metadata: {
        namespace: namespace.metadata.name,
        annotations: {
            "nginx.ingress.kubernetes.io/limit-connections": "10", // Limit the number of connections
            "nginx.ingress.kubernetes.io/limit-rps": "5", // Limit requests per second
            "nginx.ingress.kubernetes.io/limit-burst-multiplier": "1", // Burst multiplier
            "nginx.ingress.kubernetes.io/limit-rate-after": "5", // Number of requests after which rate limiting is applied
        },
    },
    spec: {
        rules: [{
            host: "example.com",
            http: {
                paths: [{
                    path: "/",
                    pathType: "Prefix",
                    backend: {
                        service: {
                            name: service.metadata.name,
                            port: {
                                number: 80,
                            },
                        },
                    },
                }],
            },
        }],
    },
});

// Export the Ingress URL
export const ingressUrl = pulumi.interpolate`http://${ingress.metadata.name}.${namespace.metadata.name}.svc.cluster.local`;

Detailed Explanation

  1. Namespace Creation: We create a Kubernetes namespace called example-namespace to isolate our resources.

  2. Sample Application Deployment: We deploy a simple NGINX server using a Kubernetes Deployment. This deployment ensures that one replica of the NGINX server is running.

  3. Service Creation: We create a Kubernetes Service of type ClusterIP to expose the NGINX deployment within the cluster.

  4. Ingress Resource with Annotations: We create an Ingress resource with annotations to configure rate limiting. The annotations used are:

    • nginx.ingress.kubernetes.io/limit-connections: Limits the number of simultaneous connections.
    • nginx.ingress.kubernetes.io/limit-rps: Limits the number of requests per second.
    • nginx.ingress.kubernetes.io/limit-burst-multiplier: Sets the burst multiplier.
    • nginx.ingress.kubernetes.io/limit-rate-after: Applies rate limiting after a specified number of requests.
  5. Ingress URL Export: Finally, we export the Ingress URL, which can be used to access the application.

This Pulumi program sets up rate limiting on an NGINX server exposed through an Ingress resource using Ingress-NGINX annotations. You can adjust the annotations’ values to fit your specific rate limiting requirements.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up