add auth rate limit config (#78)

neondatabase · Apr 24, 2024 · 30e0de0 · 30e0de0
1 parent 0775f48
commit 30e0de0
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/charts/neon-proxy/Chart.yaml b/charts/neon-proxy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: neon-proxy
 description: Neon Proxy
 type: application
-version: 1.7.21
+version: 1.7.22
 appVersion: "0.1.0"
 kubeVersion: "^1.18.x-x"
 home: https://neon.tech

diff --git a/charts/neon-proxy/README.md b/charts/neon-proxy/README.md
@@ -1,6 +1,6 @@
 # neon-proxy
 
-![Version: 1.7.21](https://img.shields.io/badge/Version-1.7.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml)
+![Version: 1.7.22](https://img.shields.io/badge/Version-1.7.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml)
 
 Neon Proxy
 
@@ -65,6 +65,8 @@ Kubernetes: `^1.18.x-x`
 | serviceAccount.name | string | `""` |  |
 | settings.authBackend | string | `"link"` | auth method used (console|link|postgres) |
 | settings.authEndpoint | string | `""` | auth endpoint, e.g. "http://console.neon/authenticate_proxy_request/" |
+| settings.authRateLimits | string | `nil` |  |
+| settings.authRateLimitsEnabled | bool | `nil` | Whether to enable the authentication rate limiter |
 | settings.awsAccessKeyId | string | `""` | (string) AWS Access Key ID |
 | settings.awsRegion | string | `""` | (string) Aws region to retrieve credentials |
 | settings.awsSecretAccessKey | string | `""` | (string) AWS Secret Access Key |

diff --git a/charts/neon-proxy/templates/deployment.yaml b/charts/neon-proxy/templates/deployment.yaml
@@ -111,6 +111,12 @@ spec:
             {{- range .Values.settings.endpointRpsLimits }}
             - --endpoint-rps-limit={{ . }}
             {{- end }}
+            {{- if .Values.settings.authRateLimitsEnabled }}
+            - --auth-rate-limit-enabled
+            {{- end }}
+            {{- range .Values.settings.authRateLimits }}
+            - --auth-rate-limit={{ . }}
+            {{- end }}
             {{- with .Values.settings.region }}
             - --region={{ . }}
             {{ end }}

diff --git a/charts/neon-proxy/values.yaml b/charts/neon-proxy/values.yaml
@@ -69,10 +69,14 @@ settings:
   httpPoolOptIn: true
   # settings.disableDynamicRateLimiter -- (bool) Disable dynamic rate limiter
   disableDynamicRateLimiter: true
-  # settings.endpointRpsLimit -- (list) list of rate limiters over different time intervals
+  # settings.endpointRpsLimit -- (list) list of rate limiters for wake_compute over different time intervals
   endpointRpsLimits:
   - 300@1s
   - 250@10m
+  # settings.authRateLimitsEnabled -- (bool) Whether to enable the authentication rate limiter
+  authRateLimitsEnabled: null
+  # settings.authRateLimit -- (list) list of rate limiters over different time intervals for authentication hash iterations per IP,EP
+  authRateLimits: null
   # settings.parquetUploadRemoteStorage -- (string) Storage location to upload the parquet files to.
   parquetUploadRemoteStorage: ""
   # settings.parquetUploadRowGroupSize -- (string) How many rows to include in a row group