How to rate limit GRPC connections based on authorization (bearer) token in Nginx Ingress?

[bobbidinho]

I am trying to rate limit number GRPC connections based on a token included
in the Authorization header. I tried the following settings in the Nginx
configmap and Ingress annotation but Nginx rate limiting is not working.

```
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-controller
  namespace: default
data:
  http-snippet: |
    limit_req_zone $http_authorization zone=zone-1:20m rate=10r/m;
    limit_req_zone $http_token zone=zone-2:20m rate=10r/m;

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: GRPC
    nginx.ingress.kubernetes.io/configuration-snippet: |
      limit_req zone=zone-1;
      limit_req_log_level notice;
      limit_req_status 429;
```
I try to have Nginx Ingress Controller to rate limit the GRPC/HTTP2 stream
connection based on the value in the $http_authorization variable. I have
modified the Nginx log_format to log the $http_authorization value and
observe that Nginx receives the value. The problem I am facing is that for
some reason the rate limiting rule doesn't get triggered.

Is this the correct approach?

Any help and feedback would be much appreciated!

Thanks

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291431,291431#msg-291431