perf: ⚡️ reduce keepalive time

README.md

@@ -76,6 +76,7 @@ No modules.
 | <a name="input_opensearch_modsec_audit_host"></a> [opensearch\_modsec\_audit\_host](#input\_opensearch\_modsec\_audit\_host) | domain endpoint for the opensearch cluster | `string` | `""` | no |
 | <a name="input_proxy_response_buffering"></a> [proxy\_response\_buffering](#input\_proxy\_response\_buffering) | nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy\_buffer\_size and proxy\_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering | `string` | `"off"` | no |
 | <a name="input_replica_count"></a> [replica\_count](#input\_replica\_count) | Number of replicas set in deployment | `string` | n/a | yes |
+| <a name="input_upstream_keepalive_time"></a> [upstream\_keepalive\_time](#input\_upstream\_keepalive\_time) | Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing. | `string` | `"1h"` | no |
 
 ## Outputs
 

main.tf

@@ -50,16 +50,18 @@ resource "helm_release" "nginx_ingress" {
   version    = "4.7.3"
 
   values = [templatefile("${path.module}/templates/values.yaml.tpl", {
-    metrics_namespace              = "ingress-controllers"
-    external_dns_annotation        = local.external_dns_annotation
-    replica_count                  = var.replica_count
-    default_cert                   = var.default_cert
-    controller_name                = var.controller_name
-    controller_value               = "k8s.io/ingress-${var.controller_name}"
-    enable_modsec                  = var.enable_modsec
-    enable_latest_tls              = var.enable_latest_tls
-    enable_owasp                   = var.enable_owasp
-    keepalive                      = var.keepalive
+    metrics_namespace       = "ingress-controllers"
+    external_dns_annotation = local.external_dns_annotation
+    replica_count           = var.replica_count
+    default_cert            = var.default_cert
+    controller_name         = var.controller_name
+    controller_value        = "k8s.io/ingress-${var.controller_name}"
+    enable_modsec           = var.enable_modsec
+    enable_latest_tls       = var.enable_latest_tls
+    enable_owasp            = var.enable_owasp
+    keepalive               = var.keepalive
+    # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
+    upstream_keepalive_time        = var.upstream_keepalive_time
     proxy_response_buffering       = var.proxy_response_buffering
     default                        = var.controller_name == "default" ? true : false
     name_override                  = "ingress-${var.controller_name}"

templates/values.yaml.tpl

@@ -169,6 +169,7 @@ controller:
     proxy-body-size: "50m"
     keepalive: ${keepalive}
     proxy-buffering: "${proxy_response_buffering}"
+    upstream-keepalive-time: "${upstream_keepalive_time}"
 
 %{ if enable_latest_tls }
     ssl-protocols: "TLSv1.2 TLSv1.3"

variables.tf

@@ -74,6 +74,12 @@ variable "keepalive" {
   default     = 320
 }
 
+variable "upstream_keepalive_time" {
+  description = "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing."
+  type        = string
+  default     = "1h"
+}
+
 variable "proxy_response_buffering" {
   description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
   type        = string