perf: ⚡️ allow keepalive to be configured (#83)

* perf: ⚡️ allow keepalive to be configured * terraform-docs: automated action --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ministryofjustice · Mar 19, 2024 · a867e48 · a867e48
1 parent 8cd9152
commit a867e48
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -68,6 +68,7 @@ No modules.
 | <a name="input_enable_owasp"></a> [enable\_owasp](#input\_enable\_owasp) | Use default ruleset from https://github.com/SpiderLabs/owasp-modsecurity-crs/ | `bool` | `false` | no |
 | <a name="input_fluent_bit_version"></a> [fluent\_bit\_version](#input\_fluent\_bit\_version) | fluent bit container version used to exrtact modsec audit logs | `string` | `"2.1.8-amd64"` | no |
 | <a name="input_is_live_cluster"></a> [is\_live\_cluster](#input\_is\_live\_cluster) | For live clusters externalDNS annotation will have var.live\_domain (default *.cloud-platform.service.justice.gov.uk) | `bool` | `false` | no |
+| <a name="input_keepalive"></a> [keepalive](#input\_keepalive) | the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed. https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive | `number` | `0` | no |
 | <a name="input_live1_cert_dns_name"></a> [live1\_cert\_dns\_name](#input\_live1\_cert\_dns\_name) | This is to add the live-1 dns name for eks-live cluster default certificate | `string` | `""` | no |
 | <a name="input_live_domain"></a> [live\_domain](#input\_live\_domain) | The live domain used for externalDNS annotation | `string` | `"cloud-platform.service.justice.gov.uk"` | no |
 | <a name="input_memory_limits"></a> [memory\_limits](#input\_memory\_limits) | value for resources:limits memory value | `string` | `"2Gi"` | no |

diff --git a/main.tf b/main.tf
@@ -59,6 +59,7 @@ resource "helm_release" "nginx_ingress" {
     enable_modsec                  = var.enable_modsec
     enable_latest_tls              = var.enable_latest_tls
     enable_owasp                   = var.enable_owasp
+    keepalive                      = var.keepalive
     default                        = var.controller_name == "default" ? true : false
     name_override                  = "ingress-${var.controller_name}"
     memory_requests                = var.memory_requests

diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
@@ -167,6 +167,7 @@ controller:
     generate-request-id: "true"
     proxy-buffer-size: "16k"
     proxy-body-size: "50m"
+    keepalive: ${keepalive}
 
 %{ if enable_latest_tls }
     ssl-protocols: "TLSv1.2 TLSv1.3"

diff --git a/variables.tf b/variables.tf
@@ -68,6 +68,13 @@ variable "enable_external_dns_annotation" {
   default     = false
 }
 
+variable "keepalive" {
+  description = "the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed. https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive"
+  type        = number
+  default     = 0
+}
+
+
 variable "memory_limits" {
   description = "value for resources:limits memory value"
   default     = "2Gi"