NODE-5873 add configurable APIFW parameters to Sidecar Helm chart

wallarm · Jan 21, 2025 · 254fa24 · 254fa24
1 parent e53af0e
commit 254fa24
Showing 1 changed file with 19 additions and 14 deletions.
diff --git a/files/template.yaml.tpl b/files/template.yaml.tpl
@@ -66,20 +66,6 @@ volumes:
       value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-connect-attempts`) .Config.wallarm.upstream.connectAttempts }}"
     - name: WALLARM_UPSTREAM_RECONNECT_INTERVAL
       value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-reconnect-interval`) .Config.wallarm.upstream.reconnectInterval }}"
-    - name: WALLARM_APIFW_ENABLE
-      value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}"
-    - name: APIFW_READ_BUFFER_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.readBufferSize | int64 }}"
-    - name: APIFW_WRITE_BUFFER_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.writeBufferSize | int64 }}"
-    - name: APIFW_MAX_REQUEST_BODY_SIZE
-      value: "{{ .Config.wallarm.apiFirewall.maxRequestBodySize | int64 }}"
-    - name: APIFW_DISABLE_KEEPALIVE
-      value: "{{ .Config.wallarm.apiFirewall.disableKeepalive }}"
-    - name: APIFW_MAX_CONNS_PER_IP
-      value: "{{ .Config.wallarm.apiFirewall.maxConnectionsPerIp }}"
-    - name: APIFW_MAX_REQUESTS_PER_CONN
-      value: "{{ .Config.wallarm.apiFirewall.maxRequestsPerConnection }}"
     - name: NGINX_LISTEN_PORT
       value: "{{ getAnnotation .ObjectMeta (withAP `nginx-listen-port`) .Config.nginx.listenPort }}"
     - name: NGINX_PROXY_PASS_PORT
@@ -148,6 +134,7 @@ volumes:
       value: "{{ .Profile.nginx.servers | toJson | b64enc }}"
     {{- end }}
     {{- end }}
+    {{ template "wallarmApiFwVariables" . }}
   ports:
     - name: status
       containerPort: {{ getAnnotation .ObjectMeta (withAP "nginx-status-port") .Config.nginx.statusPort }}
@@ -200,6 +187,7 @@ volumes:
   env:
     {{ template "wallarmApiVariables" . }}
     {{ template "wallarmVersion" . }}
+    {{ template "wallarmApiFwVariables" . }}
     - name: NGINX_STATUS_PORT
       value: "{{ getAnnotation .ObjectMeta (withAP `nginx-status-port`) .Config.nginx.statusPort }}"
   volumeMounts:
@@ -303,6 +291,23 @@ volumes:
       value: "{{ .Config.component.version }}"
 {{- end }}
 
+{{- define "wallarmApiFwVariables" }}
+    - name: WALLARM_APIFW_ENABLE
+      value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}"
+    - name: APIFW_READ_BUFFER_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.readBufferSize | int64 }}"
+    - name: APIFW_WRITE_BUFFER_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.writeBufferSize | int64 }}"
+    - name: APIFW_MAX_REQUEST_BODY_SIZE
+      value: "{{ .Config.wallarm.apiFirewall.maxRequestBodySize | int64 }}"
+    - name: APIFW_DISABLE_KEEPALIVE
+      value: "{{ .Config.wallarm.apiFirewall.disableKeepalive }}"
+    - name: APIFW_MAX_CONNS_PER_IP
+      value: "{{ .Config.wallarm.apiFirewall.maxConnectionsPerIp }}"
+    - name: APIFW_MAX_REQUESTS_PER_CONN
+      value: "{{ .Config.wallarm.apiFirewall.maxRequestsPerConnection }}"
+{{- end }}
+
 {{- define "helperContainer.resources" }}
   {{- if or (isSet .ObjectMeta.Annotations (withAP "helper-cpu")) (isSet .ObjectMeta.Annotations (withAP "helper-memory")) (isSet .ObjectMeta.Annotations (withAP "helper-cpu-limit")) (isSet .ObjectMeta.Annotations (withAP "helper-memory-limit")) }}
     {{- if or (isSet .ObjectMeta.Annotations (withAP "helper-cpu")) (isSet .ObjectMeta.Annotations (withAP "helper-memory")) }}