How do I apply rate limiting on services using Ingress-NGINX annotations?
To apply rate limiting on services using Ingress-NGINX annotations, we will create a Kubernetes Ingress
resource with specific annotations that configure rate limiting. Ingress-NGINX is a popular ingress controller for Kubernetes that allows you to expose your services to the internet. By using annotations, you can configure various features, including rate limiting, directly in your Ingress
resource.
Explanation
Install Ingress-NGINX Controller: First, ensure that the Ingress-NGINX controller is installed in your Kubernetes cluster. You can follow the official Ingress-NGINX installation guide if you haven’t installed it yet.
Create a Kubernetes Namespace: We will create a namespace for our resources.
Deploy a Sample Application: We will deploy a sample application (e.g., a simple NGINX server) that we will expose through the Ingress.
Create an Ingress Resource with Rate Limiting: We will create an
Ingress
resource with annotations to apply rate limiting.
Program
Let’s write the Pulumi program in TypeScript to achieve this:
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
// Create a Kubernetes namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
metadata: {
name: "example-namespace",
},
});
// Deploy a sample application (NGINX server)
const appLabels = { app: "nginx" };
const deployment = new k8s.apps.v1.Deployment("nginx-deployment", {
metadata: {
namespace: namespace.metadata.name,
},
spec: {
selector: { matchLabels: appLabels },
replicas: 1,
template: {
metadata: { labels: appLabels },
spec: {
containers: [{
name: "nginx",
image: "nginx:1.19.6",
ports: [{ containerPort: 80 }],
}],
},
},
},
});
// Create a Service to expose the NGINX deployment
const service = new k8s.core.v1.Service("nginx-service", {
metadata: {
namespace: namespace.metadata.name,
labels: appLabels,
},
spec: {
type: "ClusterIP",
ports: [{ port: 80, targetPort: 80 }],
selector: appLabels,
},
});
// Create an Ingress resource with rate limiting annotations
const ingress = new k8s.networking.v1.Ingress("nginx-ingress", {
metadata: {
namespace: namespace.metadata.name,
annotations: {
"nginx.ingress.kubernetes.io/limit-connections": "10", // Limit the number of connections
"nginx.ingress.kubernetes.io/limit-rps": "5", // Limit requests per second
"nginx.ingress.kubernetes.io/limit-burst-multiplier": "1", // Burst multiplier
"nginx.ingress.kubernetes.io/limit-rate-after": "5", // Number of requests after which rate limiting is applied
},
},
spec: {
rules: [{
host: "example.com",
http: {
paths: [{
path: "/",
pathType: "Prefix",
backend: {
service: {
name: service.metadata.name,
port: {
number: 80,
},
},
},
}],
},
}],
},
});
// Export the Ingress URL
export const ingressUrl = pulumi.interpolate`http://${ingress.metadata.name}.${namespace.metadata.name}.svc.cluster.local`;
Detailed Explanation
Namespace Creation: We create a Kubernetes namespace called
example-namespace
to isolate our resources.Sample Application Deployment: We deploy a simple NGINX server using a Kubernetes
Deployment
. This deployment ensures that one replica of the NGINX server is running.Service Creation: We create a Kubernetes
Service
of typeClusterIP
to expose the NGINX deployment within the cluster.Ingress Resource with Annotations: We create an
Ingress
resource with annotations to configure rate limiting. The annotations used are:nginx.ingress.kubernetes.io/limit-connections
: Limits the number of simultaneous connections.nginx.ingress.kubernetes.io/limit-rps
: Limits the number of requests per second.nginx.ingress.kubernetes.io/limit-burst-multiplier
: Sets the burst multiplier.nginx.ingress.kubernetes.io/limit-rate-after
: Applies rate limiting after a specified number of requests.
Ingress URL Export: Finally, we export the Ingress URL, which can be used to access the application.
This Pulumi program sets up rate limiting on an NGINX server exposed through an Ingress resource using Ingress-NGINX annotations. You can adjust the annotations’ values to fit your specific rate limiting requirements.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.