diff --git a/TAG b/TAG index 17e63e7..90a7f60 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -1.3.11 +1.3.12 diff --git a/files/template.yaml.tpl b/files/template.yaml.tpl index 258acc1..0199bb8 100644 --- a/files/template.yaml.tpl +++ b/files/template.yaml.tpl @@ -67,7 +67,19 @@ volumes: - name: WALLARM_UPSTREAM_RECONNECT_INTERVAL value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-reconnect-interval`) .Config.wallarm.upstream.reconnectInterval }}" - name: WALLARM_APIFW_ENABLE - value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewallMode }}" + value: "{{ getAnnotation .ObjectMeta (withAP `api-firewall-enabled`) .Config.wallarm.apiFirewall.mode }}" + - name: APIFW_READ_BUFFER_SIZE + value: "{{ .Config.wallarm.apiFirewall.readBufferSize }}" + - name: APIFW_WRITE_BUFFER_SIZE + value: "{{ .Config.wallarm.apiFirewall.writeBufferSize }}" + - name: APIFW_MAX_REQUEST_BODY_SIZE + value: "{{ .Config.wallarm.apiFirewall.maxRequestBodySize }}" + - name: APIFW_DISABLE_KEEPALIVE + value: "{{ .Config.wallarm.apiFirewall.disableKeepalive }}" + - name: APIFW_MAX_CONNS_PER_IP + value: "{{ .Config.wallarm.apiFirewall.maxConnectionsPerIp }}" + - name: APIFW_MAX_REQUESTS_PER_CONN + value: "{{ .Config.wallarm.apiFirewall.maxRequestsPerConnection }}" - name: NGINX_LISTEN_PORT value: "{{ getAnnotation .ObjectMeta (withAP `nginx-listen-port`) .Config.nginx.listenPort }}" - name: NGINX_PROXY_PASS_PORT diff --git a/helm/Chart.yaml b/helm/Chart.yaml index ee0d48e..aae6a63 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -23,6 +23,6 @@ annotations: - name: sidecar image: wallarm/sidecar:5.2.11 - name: sidecar-controller - image: wallarm/sidecar-controller:1.3.11 + image: wallarm/sidecar-controller:1.3.12 - name: node-helpers image: wallarm/node-helpers:5.2.11 diff --git a/helm/values.yaml b/helm/values.yaml index 9819ed3..5b88a9d 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -76,12 +76,6 @@ config: ### https://docs.wallarm.com/admin-en/configure-parameters-en/#wallarm_unpack_response ### unpackResponse: "on" - ### Global setting to turn Wallarm API Firewall component on or off - ### https://wallarm.github.io/api-firewall/ - ### - apiFirewallMode: "on" - ### Post-analytics node endpoint configuration - ### upstream: ### Defines the number of immediate reconnects to the Tarantool or Wallarm API ### https://docs.wallarm.com/admin-en/configure-parameters-en/#wallarm_upstream_connect_attempts @@ -91,6 +85,34 @@ config: ### https://docs.wallarm.com/admin-en/configure-parameters-en/#wallarm_upstream_reconnect_interval ### reconnectInterval: 15s + apiFirewall: + ### Global setting to turn Wallarm API Firewall component on or off + ### https://wallarm.github.io/api-firewall/ + ### + mode: "on" + ### Post-analytics node endpoint configuration + ### + ### Per-connection buffer size (in bytes) for requests' reading. This also limits the maximum header size. + ### Increase this buffer if your clients send multi-KB RequestURIs and/or multi-KB headers (for example, BIG cookies) + ### + readBufferSize: 8192 + ### Per-connection buffer size (in bytes) for responses' writing. + ### + writeBufferSize: 8192 + ### Maximum request body size (in bytes). The server rejects requests with bodies exceeding this limit. + ### + maxRequestBodySize: 4194304 + ### Whether to disable keep-alive connections. The server will close all the incoming connections after sending + ## the first response to client if this option is set to 'true' + ### + disableKeepalive: false + ### Maximum number of concurrent client connections allowed per IP. '0' means unlimited + ### + maxConnectionsPerIp: 0 + ### Maximum number of requests served per connection. The server closes connection after the last request. + ### 'Connection: close' header is added to the last response. '0' means unlimited + ### + maxRequestsPerConnection: 0 ### Default Annotation prefix which is used in sidecar template to overwrite default values annotationPrefix: sidecar.wallarm.io ### Default sidecar injection strategy. Parameters in this section can be overwritten individually