You are browsing documentation for an outdated version. See the latest documentation here.
Rate Limit is an inbound policy. Dataplanes whose configuration is modified are in the
RateLimit policy leverages
Envoy’s local rate limiting
to allow for per-instance service request limiting. All HTTP/HTTP2 based requests are supported.
You can configure how many requests are allowed in a specified time period, and how the service responds when the limit is reached.
The policy is applied per service instance. This means that if a service
backend has 3 instances rate limited to 100 requests per second, the overall service is rate limited to 300 requests per second.
When rate limiting to an ExternalService, the policy is applied per sending service instance.`
conf section of the
RateLimit resource provides the following configuration options:
requests- the number of requests to limit
interval- the interval for which
requestswill be limited
onRateLimit(optional) - actions to take on RateLimit event
status(optional) - the status code to return, defaults to
headers- list of headers which should be added to every rate limited response:
key- the name of the header
value- the value of the header
append(optional) - should the value of the provided header be appended to already existing headers (if present)
This policy is applied on the destination data plane proxy and generates a set of matching rules for the originating
service. These matching rules are ordered from the most specific one, to the more generic ones. Given the
apiVersion: kuma.io/v1alpha1 kind: RateLimit mesh: default metadata: name: rate-limit-all-to-backend spec: sources: - match: kuma.io/service: "*" destinations: - match: kuma.io/service: backend_default_svc_80 conf: http: requests: 5 interval: 10s --- apiVersion: kuma.io/v1alpha1 kind: RateLimit mesh: default metadata: name: rate-limit-frontend spec: sources: - match: kuma.io/service: "frontend_default_svc_80" destinations: - match: kuma.io/service: backend_default_svc_80 conf: http: requests: 10 interval: 10s --- apiVersion: kuma.io/v1alpha1 kind: RateLimit mesh: default metadata: name: rate-limit-frontend-zone-eu spec: sources: - match: kuma.io/service: "frontend_default_svc_80" kuma.io/zone: "eu" destinations: - match: kuma.io/service: backend_default_svc_80 conf: http: requests: 20 interval: 10s
backend is configured with the following rate limiting hierarchy:
RateLimit, when applied to a dataplane proxy bound Kong Mesh service, is an Inbound Connection Policy.
When applied to an ExternalService,
RateLimit is an Outbound Connection Policy. In this case, the only supported value for
Builtin Gateway support
Kong Mesh Gateway supports the
RateLimit connection policy.
Rate limits are configured on each Envoy route by selecting the best Rate Limit policy that matches the source and destination.