NODE-5873 add configurable APIFW parameters to Sidecar Helm chart

TAG

@@ -1 +1 @@
-1.4.0
+1.4.1

files/template.yaml.tpl

@@ -29,6 +29,7 @@ volumes:
     {{ if ne (getAnnotation .ObjectMeta (withAP "sidecar-injection-schema") .Config.injectionStrategy.schema) "split" -}}
     {{ template "wallarmApiVariables" . }}
     {{ template "wallarmVersion" . }}
+    {{ template "wallarmApiFwVariables" . }}
     {{- end  }}
     {{ if (isSet .ObjectMeta.Annotations (withAP "wallarm-application")) -}}
     - name: WALLARM_APPLICATION
@@ -66,20 +67,6 @@ volumes:
       value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-connect-attempts`) .Config.wallarm.upstream.connectAttempts }}"
     - name: WALLARM_UPSTREAM_RECONNECT_INTERVAL
       value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-reconnect-interval`) .Config.wallarm.upstream.reconnectInterval }}"
-    - name: WALLARM_APIFW_ENABLE
-      value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}"
-    - name: APIFW_READ_BUFFER_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.readBufferSize | int64 }}"
-    - name: APIFW_WRITE_BUFFER_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.writeBufferSize | int64 }}"
-    - name: APIFW_MAX_REQUEST_BODY_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.maxRequestBodySize | int64 }}"
-    - name: APIFW_DISABLE_KEEPALIVE
-      value: "{{ .Config.wallarm.apiFirewall.disableKeepalive }}"
-    - name: APIFW_MAX_CONNS_PER_IP
-      value: "{{ .Config.wallarm.apiFirewall.maxConnectionsPerIp }}"
-    - name: APIFW_MAX_REQUESTS_PER_CONN
-      value: "{{ .Config.wallarm.apiFirewall.maxRequestsPerConnection }}"
     - name: NGINX_LISTEN_PORT
       value: "{{ getAnnotation .ObjectMeta (withAP `nginx-listen-port`) .Config.nginx.listenPort }}"
     - name: NGINX_PROXY_PASS_PORT
@@ -148,6 +135,8 @@ volumes:
       value: "{{ .Profile.nginx.servers | toJson | b64enc }}"
     {{- end }}
     {{- end }}
+    - name: WALLARM_APIFW_ENABLE
+      value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}"
   ports:
     - name: status
       containerPort: {{ getAnnotation .ObjectMeta (withAP "nginx-status-port") .Config.nginx.statusPort }}
@@ -200,6 +189,9 @@ volumes:
   env:
     {{ template "wallarmApiVariables" . }}
     {{ template "wallarmVersion" . }}
+    {{ template "wallarmApiFwVariables" . }}
+    - name: WALLARM_APIFW_ENABLE
+      value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}"
     - name: NGINX_STATUS_PORT
       value: "{{ getAnnotation .ObjectMeta (withAP `nginx-status-port`) .Config.nginx.statusPort }}"
   volumeMounts:
@@ -303,6 +295,21 @@ volumes:
       value: "{{ .Config.component.version }}"
 {{- end }}
 
+{{- define "wallarmApiFwVariables" }}
+    - name: APIFW_READ_BUFFER_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.readBufferSize | int64 }}"
+    - name: APIFW_WRITE_BUFFER_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.writeBufferSize | int64 }}"
+    - name: APIFW_MAX_REQUEST_BODY_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.maxRequestBodySize | int64 }}"
+    - name: APIFW_DISABLE_KEEPALIVE
+      value: "{{ .Config.wallarm.apiFirewall.disableKeepalive }}"
+    - name: APIFW_MAX_CONNS_PER_IP
+      value: "{{ .Config.wallarm.apiFirewall.maxConnectionsPerIp }}"
+    - name: APIFW_MAX_REQUESTS_PER_CONN
+      value: "{{ .Config.wallarm.apiFirewall.maxRequestsPerConnection }}"
+{{- end }}
+
 {{- define "helperContainer.resources" }}
   {{- if or (isSet .ObjectMeta.Annotations (withAP "helper-cpu")) (isSet .ObjectMeta.Annotations (withAP "helper-memory")) (isSet .ObjectMeta.Annotations (withAP "helper-cpu-limit")) (isSet .ObjectMeta.Annotations (withAP "helper-memory-limit")) }}
     {{- if or (isSet .ObjectMeta.Annotations (withAP "helper-cpu")) (isSet .ObjectMeta.Annotations (withAP "helper-memory")) }}

helm/Chart.yaml

@@ -23,6 +23,6 @@ annotations:
     - name: sidecar
       image: wallarm/sidecar:5.2.11
     - name: sidecar-controller
-      image: wallarm/sidecar-controller:1.4.0
+      image: wallarm/sidecar-controller:1.4.1
     - name: node-helpers
       image: wallarm/node-helpers:5.2.11

helm/values.yaml

@@ -787,7 +787,7 @@ controller:
   image:
     registry: docker.io
     image: wallarm/sidecar-controller
-    tag: 1.4.0
+    tag: 1.4.1
     pullPolicy: IfNotPresent
   # -- Admission webhook configuration
   # @default -- *See below for details*