Configuration
This plugin is partially compatible with DB-less mode.
The cluster strategy is not supported in DB-less and hybrid modes. For Kong
Gateway in DB-less or hybrid mode, use the redis
strategy.
Compatible protocols
The GraphQL Rate Limiting Advanced plugin is compatible with the following protocols:
grpc
, grpcs
, http
, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name
string requiredThe name of the plugin, in this case
graphql-rate-limiting-advanced
. -
instance_name
stringAn optional custom name to identify an instance of the plugin, for example
graphql-rate-limiting-advanced_my-service
. Useful when running the same plugin in multiple contexts, for example, on multiple services. -
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/SERVICE_NAME|ID/plugins
. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/ROUTE_NAME|ID/plugins
. -
consumer.name or consumer.id
stringThe name or ID of the consumer the plugin targets. Set one of these parameters if adding the plugin to a consumer through the top-level
/plugins
endpoint. Not required if using/consumers/CONSUMER_NAME|ID/plugins
. -
enabled
boolean default:true
Whether this plugin will be applied.
-
config
record required-
identifier
string required default:consumer
Must be one of:ip
,credential
,consumer
How to define the rate limit key. Can be
ip
,credential
,consumer
.
-
window_size
array of typenumber
requiredOne or more window sizes to apply a limit to (defined in seconds).
-
window_type
string default:sliding
Must be one of:fixed
,sliding
Sets the time window to either
sliding
orfixed
.
-
limit
array of typenumber
requiredOne or more requests-per-window limits to apply.
-
sync_rate
number requiredHow often to sync counter data to the central data store. A value of 0 results in synchronous behavior; a value of -1 ignores sync behavior entirely and only stores counters in node memory. A value greater than 0 syncs the counters in that many number of seconds.
-
namespace
stringThe rate limiting library namespace to use for this plugin instance. NOTE: For the plugin instances sharing the same namespace, all the configurations that are required for synchronizing counters, e.g.
strategy
,redis
,sync_rate
,window_size
,dictionary_name
, need to be the same.
-
strategy
string required default:cluster
Must be one of:cluster
,redis
The rate-limiting strategy to use for retrieving and incrementing the limits.
-
dictionary_name
string required default:kong_rate_limiting_counters
The shared dictionary where counters will be stored until the next sync cycle.
-
hide_client_headers
boolean default:false
Optionally hide informative response headers. Available options:
true
orfalse
.
-
cost_strategy
string default:default
Must be one of:default
,node_quantifier
Strategy to use to evaluate query costs. Either
default
ornode_quantifier
.
-
score_factor
number default:1
A scoring factor to multiply (or divide) the cost. The
score_factor
must always be greater than 0.
-
max_cost
number default:0
A defined maximum cost per query. 0 means unlimited.
-
redis
record required-
host
stringA string representing a host name, such as example.com.
-
port
integer between:0
65535
An integer representing a port number between 0 and 65535, inclusive.
-
timeout
integer default:2000
between:0
2147483646
An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
-
connect_timeout
integer between:0
2147483646
An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
-
send_timeout
integer between:0
2147483646
An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
-
read_timeout
integer between:0
2147483646
An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
-
username
string referenceableUsername to use for Redis connections. If undefined, ACL authentication won’t be performed. This requires Redis v6.0.0+. The username cannot be set to
default
.
-
password
string referenceable encryptedPassword to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
-
sentinel_username
string referenceableSentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won’t be performed. This requires Redis v6.2.0+.
-
sentinel_password
string referenceable encryptedSentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
-
database
integer default:0
Database to use for the Redis connection when using the
redis
strategy
-
keepalive_pool_size
integer default:256
between:1
2147483646
The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_size
norkeepalive_backlog
is specified, no pool is created. Ifkeepalive_pool_size
isn’t specified butkeepalive_backlog
is specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low.
-
keepalive_backlog
integer between:0
2147483646
Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil
. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size
. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size
.
-
sentinel_master
stringSentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
-
sentinel_role
string Must be one of:master
,slave
,any
Sentinel role to use for Redis connections when the
redis
strategy is defined. Defining this value implies using Redis Sentinel.
-
sentinel_addresses
array of typestring
len_min:1
Sentinel addresses to use for Redis connections when the
redis
strategy is defined. Defining this value implies using Redis Sentinel. Each string element must be a hostname. The minimum length of the array is 1 element.
-
cluster_addresses
array of typestring
len_min:1
Cluster addresses to use for Redis connections when the
redis
strategy is defined. Defining this value implies using Redis Cluster. Each string element must be a hostname. The minimum length of the array is 1 element.
-
ssl
boolean default:false
If set to true, uses SSL to connect to Redis.
-
ssl_verify
boolean default:false
If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificate
inkong.conf
to specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depth
accordingly.
-
server_name
stringA string representing an SNI (server name indication) value for TLS.
-
-