-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4fa1649
commit a6cbea6
Showing
22 changed files
with
1,473 additions
and
350 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# Rate Limit | ||
|
||
In this example, we deploy a web application, configure load balancing for it via a VirtualServer, and apply a rate limit policy. | ||
|
||
## Prerequisites | ||
|
||
1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller. | ||
1. Save the public IP address of the Ingress Controller into a shell variable: | ||
``` | ||
$ IC_IP=XXX.YYY.ZZZ.III | ||
``` | ||
1. Save the HTTP port of the Ingress Controller into a shell variable: | ||
``` | ||
$ IC_HTTP_PORT=<port number> | ||
``` | ||
## Step 1 - Deploy a Web Application | ||
Create the application deployment and service: | ||
``` | ||
$ kubectl apply -f webapp.yaml | ||
``` | ||
## Step 2 - Deploy the Rate Limit Policy | ||
In this step, we create a policy with the name `rate-limit-policy` that allows only 1 request per second coming from a single IP address. | ||
Create the policy: | ||
``` | ||
$ kubectl apply -f rate-limit.yaml | ||
``` | ||
## Step 3 - Configure Load Balancing | ||
Create a VirtualServer resource for the web application: | ||
``` | ||
$ kubectl apply -f virtual-server.yaml | ||
``` | ||
Note that the VirtualServer references the policy `rate-limit-policy` created in Step 2. | ||
## Step 4 - Test the Configuration | ||
Let's test the configuration. If you access the application at a rate that exceeds one request per second, NGINX will start rejecting your requests: | ||
``` | ||
$ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/ | ||
Server address: 10.8.1.19:8080 | ||
Server name: webapp-dc88fc766-zr7f8 | ||
. . . | ||
|
||
$ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/ | ||
<html> | ||
<head><title>503 Service Temporarily Unavailable</title></head> | ||
<body> | ||
<center><h1>503 Service Temporarily Unavailable</h1></center> | ||
<hr><center>nginx/1.19.1</center> | ||
</body> | ||
</html> | ||
``` | ||
> Note: The command result is truncated for the clarity of the example. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: k8s.nginx.org/v1alpha1 | ||
kind: Policy | ||
metadata: | ||
name: rate-limit-policy | ||
spec: | ||
rateLimit: | ||
rate: 1r/s | ||
key: ${binary_remote_addr} | ||
zoneSize: 10M |
16 changes: 16 additions & 0 deletions
16
examples-of-custom-resources/rate-limit/virtual-server.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: k8s.nginx.org/v1 | ||
kind: VirtualServer | ||
metadata: | ||
name: webapp | ||
spec: | ||
host: webapp.example.com | ||
policies: | ||
- name: rate-limit-policy | ||
upstreams: | ||
- name: webapp | ||
service: webapp-svc | ||
port: 80 | ||
routes: | ||
- path: / | ||
action: | ||
pass: webapp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: webapp | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: webapp | ||
template: | ||
metadata: | ||
labels: | ||
app: webapp | ||
spec: | ||
containers: | ||
- name: webapp | ||
image: nginxdemos/nginx-hello:plain-text | ||
ports: | ||
- containerPort: 8080 | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: webapp-svc | ||
spec: | ||
ports: | ||
- port: 80 | ||
targetPort: 8080 | ||
protocol: TCP | ||
name: http | ||
selector: | ||
app: webapp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.