Closed
Labels: poc (Tasks that require investigation), proposal (An issue that proposes a feature request)
Description
POC Scope
- Determine `spec` of rate limit policy
  - Should an apiKey policy be required? (Context: a JWT policy was not required for the JWT RL.) Yes, an APIKey Policy is required to provide the client name for the apikey.
  - What would be the key for the rate limit zone? Any valid apikey_variable could be used. A new variable to identify the client name will be created, for example, `apikey_client_name`.
- Create design document
Example setup with snippets
```yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: cafe
spec:
  http-snippets: |
    map $apikey_auth_client_name_nginx_ingress_cafe_api_key_policy $GroupName {
      default Group1;
      "~^(.*-gold)" Group1;
      "~^(.*-plat)" Group2;
    }
    map $GroupName $Zone1Var {
      default "";
      Group1 gold;
    }
    map $GroupName $Zone2Var {
      default "";
      Group2 plat;
    }
    limit_req_zone $Zone1Var zone=Zone1:10m rate=5r/m;
    limit_req_zone $Zone2Var zone=Zone2:10m rate=15r/s;
  host: cafe.example.com
  tls:
    secret: cafe-secret
  policies:
  - name: api-key-policy
  upstreams:
  - name: coffee
    service: coffee-svc
    port: 80
  routes:
  - path: /coffee
    location-snippets: |
      limit_req zone=Zone1;
      limit_req zone=Zone2;
    action:
      pass: coffee
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: api-key-client-secret
type: nginx.org/apikey
data:
  client1-gold: Z29sZA== # gold
  client2-plat: cGxhdA== # plat
  client1: cGFzc3dvcmQ= # password
```
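
As an added illustration (not part of the original issue or the project's code), the following Python model evaluates the `map` chain from the snippets above for the three client names in the Secret, to show which `limit_req_zone` key each client ends up with. It assumes standard nginx behaviour: regex `map` entries are tried in order of appearance, `default` applies when none matches, and `limit_req_zone` does not account requests whose key is empty. The function names are hypothetical.

```python
import re

# Constructed model of the maps in the http-snippets above.
# First map: client name -> $GroupName (regexes tried in order, then default).
GROUP_MAP = [(r"^(.*-gold)", "Group1"), (r"^(.*-plat)", "Group2")]
GROUP_DEFAULT = "Group1"

# Second and third maps: $GroupName -> zone key ("" is the default value).
ZONE_KEY_MAPS = {
    "Zone1": {"Group1": "gold"},  # limit_req_zone ... rate=5r/m
    "Zone2": {"Group2": "plat"},  # limit_req_zone ... rate=15r/s
}


def group_for(client_name):
    """Return the $GroupName value nginx would compute for a client name."""
    for pattern, group in GROUP_MAP:
        # "~" in nginx is a case-sensitive regex match; the patterns have no
        # trailing "$", so they match any name that contains the suffix.
        if re.search(pattern, client_name):
            return group
    return GROUP_DEFAULT


def zone_keys(client_name):
    """Return {zone: key}; an empty key means that zone ignores the request."""
    group = group_for(client_name)
    return {zone: keys.get(group, "") for zone, keys in ZONE_KEY_MAPS.items()}


def active_zones(client_name):
    """Zones that actually count requests for this client."""
    return [zone for zone, key in zone_keys(client_name).items() if key]


if __name__ == "__main__":
    # Client names taken from the Secret on this page.
    for name in ("client1-gold", "client2-plat", "client1"):
        print(f"{name:14} group={group_for(name)} keys={zone_keys(name)}")
```

Two things are worth checking in a design review: `client1` has no tier suffix and falls into `Group1` through `default`, and because each zone key is the constant tier name rather than the client name, every client in a tier shares one rate-limit bucket.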
Status
Done 🚀