Kong Gateway advanced rate limiting plugin usage.
The Rate Limiting Advanced plugin does more than the regular Kong Gateway Rate Limiting plugin:
Better Control: You can adjust the rate limiter more precisely using settings like ‘limit’ and ‘window_size’. This means you can fine-tune how many requests are allowed within a certain time frame.
Support for Different Redis Configurations: It works with Redis Sentinel, Redis cluster, and Redis SSL, which are different ways of setting up your database. This makes it more flexible for different kinds of setups.
Improved Performance: Rate Limiting Advanced is faster and more accurate. This means it can handle more requests per second while still keeping track of how many requests each user is making. You can even adjust how often it updates this information to make sure it’s running as efficiently as possible. Just tweak the ‘sync_rate’ setting to get the performance you need.
At Zelarsoft we help customers across the globe in adopting Kong Products
How sync_rate setting works:
How often to sync counter data to the central data store. A value of 0 results in synchronous behavior. A value of -1 ignores sync behavior entirely and only stores counters in node memory. A value greater than 0 will sync the counters in the specified number of seconds.
Suppose you have deployed Kong in Kubernetes with 3 Kong pods and want to set config.window_size = 60 and config.limit = 10 (1min / 60request).
When using config.sync_rate = -1, if the requests are perfectly distributed among the Kong pods, you might get up to 180 requests per minute in total.
When you use config.sync_rate with a value greater than 0, the result depends on how large the configured value is. It’s a balance between how many resources you are willing to spend syncing data among pods and how strict you require the limit to be. For instance, if you set config.sync_rate = 10, pods will get synced every 10 seconds; if your pods receive a burst of requests during this 10-second interval, they might answer up to 180 requests too.
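The trade-off described above can be reproduced with a small model. This is an added example, not Kong's code or the author's: it simulates one fixed window with requests spread round-robin over the pods, and assumes 3 pods with a limit of 60 per 60-second window (the values the 180 figure corresponds to); `simulate`, `BURST` and `STEADY` are hypothetical names.

```python
# Added example: simplified model of per-node rate-limit counters that are
# synced to a central store every `sync_rate` seconds. Not Kong's code.

def simulate(limit, window_size, sync_rate, nodes, arrivals):
    """Return the number of requests admitted cluster-wide in one window.

    arrivals: sorted timestamps in seconds from window start; requests are
    spread round-robin over the nodes (assumption: perfect distribution).
    """
    central = 0                 # counter held in the central store (Redis)
    seen = [0] * nodes          # central value each node read at its last sync
    pending = [0] * nodes       # local hits not yet pushed to the store
    next_sync = sync_rate if sync_rate > 0 else None   # -1 and 0 never tick
    admitted = 0
    for i, t in enumerate(arrivals):
        if t >= window_size:
            break
        while next_sync is not None and t >= next_sync:
            central += sum(pending)          # push local deltas
            pending = [0] * nodes
            seen = [central] * nodes         # pull the merged total
            next_sync += sync_rate
        n = i % nodes
        if sync_rate == 0:                   # synchronous: store decides
            ok = central < limit
            central += ok
        else:                                # node decides on its stale view
            ok = seen[n] + pending[n] < limit
            pending[n] += ok
        admitted += ok
    return admitted

# Constructed traffic, 300 requests each (integer seconds avoid float drift)
BURST = [s for s in range(5) for _ in range(60)]     # all within 5 s
STEADY = [s for s in range(60) for _ in range(5)]    # 5 requests per second

if __name__ == "__main__":
    for name, traffic in (("burst", BURST), ("steady", STEADY)):
        for rate in (-1, 10, 1, 0):
            print(name, "sync_rate =", rate, "->",
                  simulate(60, 60, rate, 3, traffic), "admitted")
```

In this model the overshoot under steady traffic shrinks as sync_rate approaches 0, while a burst shorter than the sync interval still reaches pods × limit.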
Here we are using Redis Sentinel as the central data store for counter values. For that, we first have to set up Redis Sentinel and then provide its details in the Rate Limiting Advanced plugin.
Install Redis in Ubuntu
sudo su
add-apt-repository ppa:redislabs/redis
apt update && apt install redis
systemctl enable redis-server
Setup Redis Master
vi /etc/redis/redis.conf
Find the configuration lines below, uncomment them, and edit them.
# Replace the already-uncommented "bind 127.0.0.1 -::1" line with:
bind 0.0.0.0
# Change the password
requirepass "<your-password>"
# Change the password
masterauth "<your-password>"
Restart the redis service
service redis-server restart
Setup Redis Replica
vi /etc/redis/redis.conf
Find the configuration lines below, uncomment them, and edit them.
# Replace the already-uncommented "bind 127.0.0.1 -::1" line with:
bind 0.0.0.0
# Change the password
requirepass "<your-password>"
# Replace the IP with your master node public IP
replicaof 192.168.5.100 6379
# Change the password
masterauth "<your-password>"
Restart the Redis service
service redis-server restart
Note: The difference between the Redis master and replica is just one configuration line: replicaof <place-your-master-node-public-ip> 6379
Checking Master — Replica
# Go to your master redis and run this command to enter the redis console
redis-cli
# Authenticate yourself using the requirepass password you set in the redis configuration
auth <your-password>
# Execute below command to check replicas(slaves) connected to master instance.
info replication
# Set sample key value pair to redis master to check replication is working or not
SET foo bar
# Now, go to your replica redis and run this command to enter the redis console
redis-cli
# Authenticate yourself using the requirepass password you set in the redis configuration
auth <your-password>
# Get the sample key you previously set on the master redis
GET foo
# you will get bar in replicas
Configure Redis Sentinel
Create sentinel configuration file
vi /etc/redis/sentinel.conf
Copy below config and place it in Sentinel1
daemonize yes
port 26379
bind 0.0.0.0
supervised systemd
pidfile "/run/redis/redis-sentinel.pid"
logfile "/var/log/redis/sentinel.log"
sentinel monitor mymaster <place-your-master-node-public-ip> 6379 2
sentinel auth-pass mymaster <your-password>
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 6000
sentinel parallel-syncs mymaster 1
Note: In the config above, replace <your-password> with the requirepass password from your Redis configuration. In place of mymaster you can use your preferred name.
Change the ownership of the file to redis
chown redis:redis /etc/redis/sentinel.conf
Create a Systemd file for sentinel
vi /etc/systemd/system/redis-sentinel.service
Copy & paste this script
[Unit]
Description=Redis Sentinel
After=network.target

[Service]
User=redis
Group=redis
Type=notify
ExecStart=/usr/bin/redis-server /etc/redis/sentinel.conf --sentinel
# Send SHUTDOWN to the Sentinel port (26379), not the Redis data port
ExecStop=/usr/bin/redis-cli -p 26379 shutdown
Restart=always

[Install]
WantedBy=multi-user.target
Save & Exit, and then reload the daemon, start, enable and check the logs of sentinel.
systemctl daemon-reload
# Start the sentinel service
service redis-sentinel start
# Enable the service so the sentinel will start on boot
systemctl enable redis-sentinel
# To see whether the sentinel is configured correctly, look at the sentinel1 log file
tail -f /var/log/redis/sentinel.log
NOTE: Repeat all of the sentinel steps above on all Redis nodes, including the master, because Sentinel has to run on all the Redis nodes to monitor the Redis state.
Create user in Redis
# Login into redis with default user
redis-cli -h <hostname of your redis instance> -p 6379 -a <redis password>
# Create user and grant full access in redis
# Set user password
ACL SETUSER myuser on >heresetpassword
# Assign user permissions
ACL SETUSER myuser on ~* +@all
CONFIG REWRITE
# Restart redis to effect changes
sudo systemctl restart redis
Create sentinel user in Redis sentinel
# Login into redis with default user
redis-cli -h <hostname of your redis instance> -p 26379
# Create user and grant full access in redis sentinel
# Set user password
ACL SETUSER myuser on >heresetpassword
# Assign user permissions
ACL SETUSER myuser on ~* +@all
Use of the replica priority field in the redis.conf file
The replica priority is an integer number published by Redis in the INFO output. It is used by Redis Sentinel in order to select a replica to promote into a master if the master is no longer working correctly.
Place the details below in the configuration of the Rate Limiting Advanced plugin
When configuring the rate limiting plugin with Redis Sentinel details, give the public IP of each Redis instance with the Sentinel port in the sentinel_addresses field, like <public-ip-of-redis-instance>:26379. Provide redis.username, redis.password, sentinel_username, sentinel_password, sentinel_master (here we used mymaster as the Sentinel master in the Sentinel config file), sentinel_role (master), and sync_rate (0.02). The window_size and limit fields can be set according to your requirement.
About Zelar
Zelarsoft is a trusted partner, specializing in Kong API Gateway solutions and cloud services. As an official Kong partner, we offer end-to-end consulting, implementation, and licensing services to help businesses maximize their API management capabilities. Our Kong licensing solutions ensure that organizations can leverage the full potential of Kong’s enterprise-grade features, including enhanced security, traffic management, and performance optimization.
In addition to Kong's powerful API Gateway, we provide seamless integration with cloud platforms like Google Cloud and AWS, delivering cost-effective and scalable solutions. Our expertise ensures businesses can simplify their infrastructure, maintain compliance, and improve operational efficiency. Whether you're looking to secure your APIs, scale your services, or future-proof your IT environment, Zelarsoft offers tailored solutions that accelerate innovation and reduce complexity.