I'm looking to use annotations like below for rate limiting for DDOS protection
nginx.ingress.kubernetes.io/limit-connections: "50"
nginx.ingress.kubernetes.io/limit-rps: "10"
nginx.ingress.kubernetes.io/limit-rpm: "100"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "20"
These solutions rate limit by IP address.
Could there be situations where many users (proxy) under one IP address and therefore many users get the one set of rates and thus it affects there usage?
Or is it really one user per IP address?
Nginx ingress uses the A leaky bucket, FIFO queue for the rate-limiting.
Nginx ingress has some limitations like :
By using this you can stop a certain amount of requests it's not accurate you can try with POC.
There is one nice article on rate limiting with Nginx : https://medium.com/titansoft-engineering/rate-limiting-for-your-kubernetes-applications-with-nginx-ingress-2e32721f7f57#:~:text=When%20we%20use%20NGINX%20ingress,configure%20rate%20limits%20with%20annotations.&text=As%20an%20example%20above%2C%20the,qps)%20on%20the%20Hello%20service.