Set-style API
Use the set-style API to configure your rate limiting rules.
This is an Enterprise-only feature that requires a Gloo Gateway Enterprise license.
Before you begin
Follow the Get started guide to install Gloo Gateway, set up a gateway resource, and deploy the httpbin sample app.
Get the external address of the gateway and save it in an environment variable.
Request headers
You can rate limit requests based on certain request headers.
Create a RateLimitConfig to define your rate limiting rules. In the following example, you create a policy that rate limits requests to one request per minute for requests with an `x-type` header.

```sh
kubectl apply -f - <<EOF
apiVersion: ratelimit.solo.io/v1alpha1
kind: RateLimitConfig
metadata:
  name: ratelimit-config
  namespace: gloo-system
spec:
  raw:
    setDescriptors:
    - simpleDescriptors:
      - key: type
        value:
      rateLimit:
        requestsPerUnit: 1
        unit: MINUTE
    rateLimits:
    - setActions:
      - requestHeaders:
          descriptorKey: type
          headerName: x-type
EOF
```
Create a RouteOption resource that references the RateLimitConfig that you created.
```sh
kubectl apply -f- <<EOF
apiVersion: gateway.solo.io/v1
kind: RouteOption
metadata:
  name: ratelimit
  namespace: httpbin
spec:
  options:
    rateLimitConfigs:
      refs:
      - name: ratelimit-config
        namespace: gloo-system
EOF
```
Create an HTTPRoute resource for the httpbin app that applies the RouteOption resource that you created and rate limits requests on the `ratelimit.example` domain.

```sh
kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpbin-ratelimit
  namespace: httpbin
spec:
  parentRefs:
  - name: http
    namespace: gloo-system
  hostnames:
  - ratelimit.example
  rules:
  - filters:
    - type: ExtensionRef
      extensionRef:
        group: gateway.solo.io
        kind: RouteOption
        name: ratelimit
    backendRefs:
    - name: httpbin
      port: 8000
EOF
```
Send a few requests to the httpbin app on the `ratelimit.example` domain. Verify that your first request succeeds and you get back a 200 HTTP response code. Because you limited requests to one request per minute, subsequent requests within the same minute fail with a 429 HTTP response code.

Example output for a successful response:

```
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< access-control-allow-credentials: true
< access-control-allow-origin: *
< date: Mon, 22 Apr 2024 18:36:31 GMT
< content-length: 0
< x-envoy-upstream-service-time: 0
< server: envoy
```
Example output when rate limited:
```
* Mark bundle as not supporting multiuse
< HTTP/1.1 429 Too Many Requests
< x-envoy-ratelimited: true
< date: Mon, 22 Apr 2024 18:33:09 GMT
< server: envoy
< content-length: 0
```
Change the RateLimitConfig resource to rate limit requests based on a specific header value. In the following example, the rate limiting rule is applied only to requests with the `x-type: exact-value` request header.

```sh
kubectl apply -f - <<EOF
apiVersion: ratelimit.solo.io/v1alpha1
kind: RateLimitConfig
metadata:
  name: ratelimit-config
  namespace: gloo-system
spec:
  raw:
    setDescriptors:
    - simpleDescriptors:
      - key: type
        value: exact-value
      rateLimit:
        requestsPerUnit: 1
        unit: MINUTE
    rateLimits:
    - setActions:
      - requestHeaders:
          descriptorKey: type
          headerName: x-type
EOF
```
Send a few requests to the httpbin app on the `ratelimit.example` domain and include the `x-type: mytype` request header. Verify that your requests succeed and no rate limiting rules are applied.

Example output for a successful response:

```
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< access-control-allow-credentials: true
< access-control-allow-origin: *
< date: Mon, 22 Apr 2024 18:36:31 GMT
< content-length: 0
< x-envoy-upstream-service-time: 0
< server: envoy
```
Send a few more requests to the httpbin app. This time, include the `x-type: exact-value` request header. Verify that the first request succeeds, but subsequent requests are rate limited.

Example output for a successful response:

```
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< access-control-allow-credentials: true
< access-control-allow-origin: *
< date: Mon, 22 Apr 2024 18:36:31 GMT
< content-length: 0
< x-envoy-upstream-service-time: 0
< server: envoy
```
Example output when rate limited:
```
* Mark bundle as not supporting multiuse
< HTTP/1.1 429 Too Many Requests
< x-envoy-ratelimited: true
< date: Mon, 22 Apr 2024 18:33:09 GMT
< server: envoy
< content-length: 0
```
Optional: Remove the resources that you created in this guide.
```sh
kubectl delete ratelimitconfig ratelimit-config -n gloo-system
kubectl delete routeoption ratelimit -n httpbin
kubectl delete httproute httpbin-ratelimit -n httpbin
```
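The matching behavior verified in the steps above, as an added Python model (not Gloo Gateway's code and not part of the original guide): an empty `value` accepts any `x-type` value, while `value: exact-value` leaves requests with `x-type: mytype` unlimited. The `SetLimiter` class, the injectable clock, and the single fixed-window counter per rule are assumptions of this model.

```python
import time
from collections import defaultdict

SECONDS = {"SECOND": 1, "MINUTE": 60, "HOUR": 3600, "DAY": 86400}

# Constructed from the two RateLimitConfig variants in this guide.
ACTIONS = [{"requestHeaders": {"descriptorKey": "type", "headerName": "x-type"}}]
LIMIT = {"requestsPerUnit": 1, "unit": "MINUTE"}
ANY_VALUE = [{"simpleDescriptors": [{"key": "type", "value": None}], "rateLimit": LIMIT}]
EXACT_VALUE = [{"simpleDescriptors": [{"key": "type", "value": "exact-value"}], "rateLimit": LIMIT}]


class SetLimiter:
    """Toy model of set-style matching; not Gloo's rate limit server."""

    def __init__(self, set_descriptors, set_actions, clock=time.time):
        self.rules = set_descriptors   # spec.raw.setDescriptors
        self.actions = set_actions     # spec.raw.rateLimits[].setActions
        self.clock = clock
        self.hits = defaultdict(int)   # (rule index, window) -> request count

    def descriptors(self, headers):
        # A requestHeaders action copies the header value into a descriptor entry.
        found = {}
        for action in self.actions:
            rh = action["requestHeaders"]
            if rh["headerName"] in headers:
                found[rh["descriptorKey"]] = headers[rh["headerName"]]
        return found

    def matches(self, rule, desc):
        # Every simpleDescriptor key must be present; an empty value accepts any value.
        return all(
            sd["key"] in desc and sd.get("value") in (None, "", desc[sd["key"]])
            for sd in rule["simpleDescriptors"]
        )

    def status(self, headers):
        desc = self.descriptors(headers)
        for index, rule in enumerate(self.rules):
            if self.matches(rule, desc):
                limit = rule["rateLimit"]
                # Assumption: one fixed-window counter per rule.
                window = int(self.clock() // SECONDS[limit["unit"]])
                self.hits[(index, window)] += 1
                allowed = self.hits[(index, window)] <= limit["requestsPerUnit"]
                return 200 if allowed else 429
        return 200  # no rule matched, so no limit applies
```

Because the rule is keyed on a header that the client supplies, any request whose `x-type` value does not match the configured descriptor passes through unlimited, as the `x-type: mytype` step shows.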