diff --git a/README.md b/README.md index e8ead4948..99a9c9a42 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ EOF The user guides section of the docs gathers several use-cases as well as the instructions to implement them using kuadrant. -* [Simple rate limiting for API owners](doc/user-guides/simple-rl-for-api-owners.md) +* [Simple Rate Limiting for Application Developers](doc/user-guides/simple-rl-for-app-developers.md) * [Authenticated Rate Limiting for Application Developers](doc/user-guides/authenticated-rl-for-app-developers.md) * [Gateway rate limiting for cluster operators](doc/user-guides/gateway-rl-for-cluster-operators.md) * [Authenticated rate limiting with JWTs and Kubernetes authnz](doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md) diff --git a/doc/user-guides/simple-rl-for-api-owners.md b/doc/user-guides/simple-rl-for-api-owners.md deleted file mode 100644 index dc73b3c0c..000000000 --- a/doc/user-guides/simple-rl-for-api-owners.md +++ /dev/null @@ -1,137 +0,0 @@ -# Simple Rate Limit For API Owners - -This user guide shows how to configure rate limiting for one of the subdomains. - -### Clone the project - -```sh -git clone https://github.com/Kuadrant/kuadrant-operator -``` - -### Setup environment - -This step creates a containerized Kubernetes server locally using [Kind](https://kind.sigs.k8s.io), -then it installs Istio, Kubernetes Gateway API and kuadrant. - -```sh -make local-setup -``` - -### Apply Kuadrant CR - -```sh -kubectl -n kuadrant-system apply -f - < + +In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic a operations of reading and writing toy records. We will rate limit the `POST /toys` endpoint. + +
+ +## Run the steps ① → ③ + +### ① Setup + +This step uses tooling from the Kuadrant Operator component to create a containerized Kubernetes server locally using [Kind](https://kind.sigs.k8s.io), +where it installs Istio, Kubernetes Gateway API and Kuadrant itself. + +> **Note:** In production environment, these steps are usually performed by a cluster operator with administrator privileges over the Kubernetes cluster. + +Clone the project: + +```sh +git clone https://github.com/Kuadrant/kuadrant-operator && cd kuadrant-operator +``` + +Setup the environment: + +```sh +make local-setup +``` + +Request an instance of Kuadrant: + +```sh +kubectl -n kuadrant-system apply -f - < **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service: +> +> ```sh +> kubectl port-forward -n istio-system service/istio-ingressgateway 9080:80 2>&1 >/dev/null & +> ``` + +### ③ Enforce rate limiting on requests to the Toy Store API + +Create a Kuadrant `RateLimitPolicy` to configure rate limiting: + +![](https://i.imgur.com/2A9sXXs.png) + +```sh +kubectl apply -f - < **Note:** It may take a couple of minutes for the RateLimitPolicy to be applied depending on your cluster. + +
+ +Verify the rate limiting works by sending requests in a loop. + +Up to 5 successful (`200 OK`) requests every 10 seconds to `POST /toys`, then `429 Too Many Requests`: + +```sh +while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H 'Host: api.toystore.com' http://localhost:9080/toys -X POST | egrep --color "\b(429)\b|$"; sleep 1; done +``` + +Unlimited successful (`200 OK`) to `GET /toys`: + +```sh +while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H 'Host: api.toystore.com' http://localhost:9080/toys | egrep --color "\b(429)\b|$"; sleep 1; done +``` + +## Cleanup + +```sh +make local-cleanup +```