Cluster information:
Kubernetes version: 1.16.13-gke.401
Cloud being used: GKE
Installation method:
Host OS: Cos
CNI and version: ?
CRI and version: docker
Hi there !
We are currently trying to mitigate DDoS attack on one of our service.
We wanted to use the “rate limitting” feature of the ingress-nginx controller as documented over here:
- https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#rate-limiting
The config seems to have been reloaded an applied properly
kubectl ingress-nginx conf --deployment nginx-ingress-controller -n ingress-nginx | grep -i limit_req
limit_req_status 503;
limit_req_zone $limit_cHJvZHVjdGlvbl9nb3ZpcnR1by1jb21fNzkyNjRlOGYtMzg0ZS00YWE2LThiMmEtNDlmMGFkNDY5MjMz zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps:5m rate=15r/s;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
limit_req zone=<NAMESPACE>_<INGRESS_HOST>_79264e8f-384e-4aa6-8b2a-49f0ad469233_rps burst=75 nodelay;
However, we don’t see any effectes on ou graph …
How can I know it is working properly ?
(I know it sounds more like a classic Nginx question but still, wondering if somebody here has a lead)
PS: I have already read:
- http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_log_level
- https://www.nginx.com/blog/rate-limiting-nginx/#Configuring-Related-Features
Without success.
Thank you all for your time and help !
