github.com/nginxinc/kubernetes-ingress@v1.12.5/examples/custom-annotations/README.md (about) 1 # Custom Annotations 2 3 Custom annotations enable you to quickly extend the Ingress resource to support many advanced features of NGINX, such as rate limiting, caching, etc. 4 5 Let's create a set of custom annotations to support [rate-limiting](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html): 6 * `custom.nginx.org/rate-limiting` - enables rate-limiting. 7 * `custom.nginx.org/rate-limiting-rate` - configures the rate of rate-limiting, with the default of `1r/s`. 8 * `custom.nginx.org/rate-limiting-burst` - configures the maximum bursts size of requests with the default of `3`. 9 10 ## Prerequisites 11 12 * Read the [custom annotations doc](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/custom-annotations/) before going through this example first. 13 * Read about [custom templates](../custom-templates). 14 15 ## Step 1 - Customize the Template 16 17 Customize the template for Ingress resources to include the logic to handle and apply the annotations. 18 19 1. Create a ConfigMap file with the customized template (`nginx-config.yaml`): 20 ```yaml 21 kind: ConfigMap 22 apiVersion: v1 23 metadata: 24 name: nginx-config 25 namespace: nginx-ingress 26 data: 27 ingress-template: | 28 . . . 29 # handling custom.nginx.org/rate-limiting` and custom.nginx.org/rate-limiting-rate 30 31 {{if index $.Ingress.Annotations "custom.nginx.org/rate-limiting"}} 32 {{$rate := index $.Ingress.Annotations "custom.nginx.org/rate-limiting-rate"}} 33 limit_req_zone $binary_remote_addr zone={{$.Ingress.Namespace}}-{{$.Ingress.Name}}:10m rate={{if $rate}}{{$rate}}{{else}}1r/s{{end}}; 34 {{end}} 35 36 . . . 37 38 {{range $server := .Servers}} 39 server { 40 41 . . . 42 43 {{range $location := $server.Locations}} 44 location {{$location.Path}} { 45 46 . . . 47 48 # handling custom.nginx.org/rate-limiting and custom.nginx.org/rate-limiting-burst 49 50 {{if index $.Ingress.Annotations "custom.nginx.org/rate-limiting"}} 51 {{$burst := index $.Ingress.Annotations "custom.nginx.org/rate-limiting-burst"}} 52 limit_req zone={{$.Ingress.Namespace}}-{{$.Ingress.Name}} burst={{if $burst}}{{$burst}}{{else}}3{{end}} nodelay; 53 {{end}} 54 55 . . . 56 ``` 57 58 The customization above consists of two parts: 59 * handling the `custom.nginx.org/rate-limiting` and `custom.nginx.org/rate-limiting-rate` annotations in the `http` context. 60 * handling the `custom.nginx.org/rate-limiting` and `custom.nginx.org/rate-limiting-burst` annotation in the `location` context. 61 62 **Note**: for the brevity, the unimportant for the example parts of the template are replaced with `. . .`. 63 64 1. Apply the customized template: 65 ``` 66 $ kubectl apply -f nginx-config.yaml 67 ``` 68 69 1. If the Ingress Controller fails to parse the customized template, it will attach an error event with the corresponding ConfigMap resource. You can see the events by running: 70 ``` 71 $ kubectl describe configmap nginx-config -n nginx-ingress 72 . . . 73 Events: 74 Type Reason Age From Message 75 ---- ------ ---- ---- ------- 76 Normal Updated 12s (x2 over 25s) nginx-ingress-controller Configuration from nginx-ingress/nginx-config was updated 77 ``` 78 In this case, we got the `Updated` event meaning that the template was parsed successfully. 79 80 ### Step 2 - Use Custom Annotations in an Ingress Resource 81 82 1. Create a file with the following Ingress resource (`cafe-ingress.yaml`) and use the custom annotations to enable rate-limiting: 83 ```yaml 84 apiVersion: networking.k8s.io/v1beta1 85 kind: Ingress 86 metadata: 87 name: cafe-ingress 88 annotations: 89 kubernetes.io/ingress.class: "nginx" 90 custom.nginx.org/rate-limiting: "on" 91 custom.nginx.org/rate-limiting-rate: "5r/s" 92 custom.nginx.org/rate-limiting-burst: "1" 93 spec: 94 rules: 95 - host: "cafe.example.com" 96 http: 97 paths: 98 - path: /tea 99 backend: 100 serviceName: tea-svc 101 servicePort: 80 102 - path: /coffee 103 backend: 104 serviceName: coffee-svc 105 servicePort: 80 106 ``` 107 108 1. Apply the Ingress resource: 109 ``` 110 $ kubectl apply -f cafe-ingress.yaml 111 ``` 112 113 1. Since it is possible that the value we put in `custom.nginx.org/rate-limiting-rate` or `custom.nginx.org/rate-limiting-burst` annotation might be considered invalid by NGINX, make sure to run the following command to check if the configuration for the Ingress resource was successfully applied. As with the ConfigMap resource, in case of an error, the Ingress Controller will attach an error event to the Ingress resource: 114 ``` 115 $ kubectl describe ingress cafe-ingress 116 Events: 117 Type Reason Age From Message 118 ---- ------ ---- ---- ------- 119 Normal AddedOrUpdated 2m nginx-ingress-controller Configuration for default/cafe-ingress was added or updated 120 ``` 121 In this case, the config was successfully applied. 122 123 ### Step 3 -- Take a Look at the Generated NGINX Config 124 125 Take a look at the generated config for the cafe-ingress Ingress resource to see how the rate-limiting feature is enabled: 126 ``` 127 $ kubectl exec <nginx-ingress-pod> -n nginx-ingress -- cat /etc/nginx/conf.d/default-cafe-ingress.conf 128 ``` 129 130 ```nginx 131 # configuration for default/cafe-ingress 132 133 . . . 134 135 limit_req_zone $binary_remote_addr zone=default-cafe-ingress:10m rate=5r/s; 136 137 server { 138 listen 80; 139 140 . . . 141 142 location /tea { 143 144 limit_req zone=default-cafe-ingress burst=1 nodelay; 145 146 . . . 147 } 148 149 location /coffee { 150 151 limit_req zone=default-cafe-ingress burst=1 nodelay; 152 153 . . . 154 } 155 156 . . . 157 } 158 ``` 159 **Note**: the unimportant parts are replaced with `. . .`.