Limiting number of client TLS connections

[Zero King]

Hi all,

I want Nginx to limit the rate of new TLS connections and the total (or 
per-worker) number of all client-facing connections, so that under a 
sudden surge of requests, existing connections can get enough share of 
CPU to be served properly, while excessive connections are rejected and 
retried against other servers in the cluster.

I am running Nginx on a managed Kubernetes cluster, so tuning kernel 
parameters or configuring layer 4 firewall is not an option.

To serve existing connections well, worker_connections can not be used, 
because it also affects connections with proxied servers.

Is there a way to implement these measures in Nginx configuration?