From c8472418fb17c777a372a7a736a7dab7f83e08de Mon Sep 17 00:00:00 2001 From: jaskaransarkaria Date: Mon, 25 Mar 2024 10:29:37 +0000 Subject: [PATCH 1/2] =?UTF-8?q?perf:=20=E2=9A=A1=EF=B8=8F=20reduce=20keepa?= =?UTF-8?q?live=20time?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- main.tf | 22 ++++++++++++---------- templates/values.yaml.tpl | 1 + variables.tf | 6 ++++++ 3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/main.tf b/main.tf
index 496c3f2..3a415c0 100644
--- a/main.tf
+++ b/main.tf
@@ -50,16 +50,18 @@ resource "helm_release" "nginx_ingress" {
 version = "4.7.3"
 values = [templatefile("${path.module}/templates/values.yaml.tpl", {
- metrics_namespace = "ingress-controllers"
- external_dns_annotation = local.external_dns_annotation
- replica_count = var.replica_count
- default_cert = var.default_cert
- controller_name = var.controller_name
- controller_value = "k8s.io/ingress-${var.controller_name}"
- enable_modsec = var.enable_modsec
- enable_latest_tls = var.enable_latest_tls
- enable_owasp = var.enable_owasp
- keepalive = var.keepalive
+ metrics_namespace = "ingress-controllers"
+ external_dns_annotation = local.external_dns_annotation
+ replica_count = var.replica_count
+ default_cert = var.default_cert
+ controller_name = var.controller_name
+ controller_value = "k8s.io/ingress-${var.controller_name}"
+ enable_modsec = var.enable_modsec
+ enable_latest_tls = var.enable_latest_tls
+ enable_owasp = var.enable_owasp
+ keepalive = var.keepalive
+ # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
+ upstream_keepalive_time = var.upstream_keepalive_time
 proxy_response_buffering = var.proxy_response_buffering
 default = var.controller_name == "default" ? true : false
 name_override = "ingress-${var.controller_name}"
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index e44c2f2..68a9880 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -169,6 +169,7 @@ controller:
 proxy-body-size: "50m"
 keepalive: ${keepalive}
 proxy-buffering: "${proxy_response_buffering}"
+ upstream-keepalive-time: "${upstream_keepalive_time}"
 %{ if enable_latest_tls }
 ssl-protocols: "TLSv1.2 TLSv1.3"
diff --git a/variables.tf b/variables.tf
index 804d88f..010920a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -74,6 +74,12 @@ variable "keepalive" {
 default = 320
 }
+variable "upstream_keepalive_time" {
+ description = "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing."
+ type = string
+ default = "1h"
+}
+
 variable "proxy_response_buffering" {
 description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
 type = string
From 4a254b53c199fc6b7376f1be0f6ed8ddcfaa3a4e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 25 Mar 2024 11:13:07 +0000 Subject: [PATCH 2/2] terraform-docs: automated action --- README.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index dd85bb0..12f1a1d 100644
--- a/README.md
+++ b/README.md
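Review bot: The added `upstream-keepalive-time` line in templates/values.yaml.tpl drops the variable into a double-quoted YAML scalar with no escaping, so a value containing `"` or a line break would end the scalar early and could alter neighbouring keys in the rendered controller config. Letting Terraform do the quoting removes that dependency on the caller's input: `upstream-keepalive-time: ${jsonencode(upstream_keepalive_time)}`. The `proxy-buffering` context line just above uses the same raw-interpolation pattern, but it is outside this change.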
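Review bot: The new `upstream_keepalive_time` variable in variables.tf accepts any string, so a typo or wrong unit is not caught at plan time and presumably only surfaces when the controller tries to render its nginx configuration. A `validation` block restricting the value to nginx time syntax would reject bad input before it reaches the cluster. Separately, the default `"1h"` appears to match the documented ingress-nginx default for this key, so unless callers override it this commit may not reduce the keepalive time as the subject line says; the intended value is worth confirming.

```hcl
variable "upstream_keepalive_time" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^[0-9]+(ms|[smhdwMy])?( [0-9]+(ms|[smhdwMy])?)*$", var.upstream_keepalive_time))
    error_message = "The upstream_keepalive_time value must be an nginx time value, for example \"30m\" or \"1h\"."
  }
}
```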
@@ -76,6 +76,7 @@ No modules.
 | [opensearch\_modsec\_audit\_host](#input\_opensearch\_modsec\_audit\_host) | domain endpoint for the opensearch cluster | `string` | `""` | no |
 | [proxy\_response\_buffering](#input\_proxy\_response\_buffering) | nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy\_buffer\_size and proxy\_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering | `string` | `"off"` | no |
 | [replica\_count](#input\_replica\_count) | Number of replicas set in deployment | `string` | n/a | yes |
+| [upstream\_keepalive\_time](#input\_upstream\_keepalive\_time) | Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing. | `string` | `"1h"` | no |
 ## Outputs