How to rate limit GRPC connections based on authorization (bearer) token in Nginx Ingress?
Sergey A. Osokin
osa at freebsd.org.ru
Wed May 5 20:09:40 UTC 2021
hope you're doing well.
Please correct me if I wrong, but this looks like a manifest file for
NGINX Ingress Controller from Kubernetes project itself, i.e.
https://kubernetes.github.io/ingress-nginx/, and if so I'd recommend
to switch to NGINX Ingress Controller for Kubernetes, please visit
https://github.com/nginxinc/kubernetes-ingress/ to get more details.
On Wed, May 05, 2021 at 03:43:46PM -0400, bobbidinho wrote:
> I am trying to rate limit number GRPC connections based on a token included
> in the Authorization header. I tried the following settings in the Nginx
> configmap and Ingress annotation but Nginx rate limiting is not working.
> apiVersion: v1
> kind: ConfigMap
> name: nginx-ingress-controller
> namespace: default
> http-snippet: |
> limit_req_zone $http_authorization zone=zone-1:20m rate=10r/m;
> limit_req_zone $http_token zone=zone-2:20m rate=10r/m;
> apiVersion: extensions/v1beta1
> kind: Ingress
> kubernetes.io/ingress.class: nginx
> nginx.ingress.kubernetes.io/backend-protocol: GRPC
> nginx.ingress.kubernetes.io/configuration-snippet: |
> limit_req zone=zone-1;
> limit_req_log_level notice;
> limit_req_status 429;
> I try to have Nginx Ingress Controller to rate limit the GRPC/HTTP2 stream
> connection based on the value in the $http_authorization variable. I have
> modified the Nginx log_format to log the $http_authorization value and
> observe that Nginx receives the value. The problem I am facing is that for
> some reason the rate limiting rule doesn't get triggered.
> Is this the correct approach?
> Any help and feedback would be much appreciated!
More information about the nginx