Ambassador Edge Stack can validate incoming requests before routing them to a backing service. In this tutorial, we'll configure Ambassador Edge Stack to use a simple third party rate limit service. (If you don't want to implement your own rate limiting service, Ambassador Edge Stack integrates a powerful, flexible rate limiting service.)
Once completed, you'll have a Kubernetes cluster running Ambassador Edge Stack and the Quote service. Let's walk through adding rate limiting to this setup.
Ambassador Edge Stack delegates the actual rate limit logic to a third party service. We've written a simple rate limit service that:
- listens for requests on port 5000;
- handles gRPC
- allows requests with the
x-ambassador-test-allow: "true"header; and
- marks all other requests as
Here's the YAML we'll start with:
This configuration tells Ambassador Edge Stack about the rate limit service, notably that it is serving requests at
example-rate-limit:5000. Ambassador Edge Stack will see the
RateLimitService and reconfigure itself within a few
seconds, allowing incoming requests to be rate-limited.
Note that you can configure the
RateLimitService to use a specific label
domain is not specified (which is the situation here), the default is
Ambassador Edge Stack only validates requests on
Mappings which set labels to use for rate limiting,
so you'll need to apply
labels to your
Mappings to enable rate limiting. For more information
on the labelling process, see the Rate Limits configuration documentation.
Replace the label that is applied to the
Mapping definition will now look like this:
Note that the
key could be anything you like, but our example rate limiting service expects it to
match the name of the header. Also note that since our
RateLimitService expects to use labels in the
ambassador domain, our
Mapping must match.
curl to a rate-limited URL:
We get a 429, since we are limited.
If we set the correct header value to the service request, we will get a quote successfully:
For more details about configuring the external rate limit service, read the rate limit documentation.