From 30e0de0982214d32fec6050aaa9176b1096b08ad Mon Sep 17 00:00:00 2001 From: Conrad Ludgate Date: Wed, 24 Apr 2024 10:03:36 +0100 Subject: [PATCH] add auth rate limit config (#78) --- charts/neon-proxy/Chart.yaml | 2 +- charts/neon-proxy/README.md | 4 +++- charts/neon-proxy/templates/deployment.yaml | 6 ++++++ charts/neon-proxy/values.yaml | 6 +++++- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/neon-proxy/Chart.yaml b/charts/neon-proxy/Chart.yaml index 074ac96..cfb00fa 100644 --- a/charts/neon-proxy/Chart.yaml +++ b/charts/neon-proxy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: neon-proxy description: Neon Proxy type: application -version: 1.7.21 +version: 1.7.22 appVersion: "0.1.0" kubeVersion: "^1.18.x-x" home: https://neon.tech diff --git a/charts/neon-proxy/README.md b/charts/neon-proxy/README.md index c0ab55f..01d279b 100644 --- a/charts/neon-proxy/README.md +++ b/charts/neon-proxy/README.md @@ -1,6 +1,6 @@ # neon-proxy -![Version: 1.7.21](https://img.shields.io/badge/Version-1.7.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml) +![Version: 1.7.22](https://img.shields.io/badge/Version-1.7.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml) Neon Proxy @@ -65,6 +65,8 @@ Kubernetes: `^1.18.x-x` | serviceAccount.name | string | `""` | | | settings.authBackend | string | `"link"` | auth method used (console|link|postgres) | | settings.authEndpoint | string | `""` | auth endpoint, e.g. "http://console.neon/authenticate_proxy_request/" | +| settings.authRateLimits | string | `nil` | | +| settings.authRateLimitsEnabled | bool | `nil` | Whether to enable the authentication rate limiter | | settings.awsAccessKeyId | string | `""` | (string) AWS Access Key ID | | settings.awsRegion | string | `""` | (string) Aws region to retrieve credentials | | settings.awsSecretAccessKey | string | `""` | (string) AWS Secret Access Key | diff --git a/charts/neon-proxy/templates/deployment.yaml b/charts/neon-proxy/templates/deployment.yaml index 1c9c223..a8c5d0f 100644 --- a/charts/neon-proxy/templates/deployment.yaml +++ b/charts/neon-proxy/templates/deployment.yaml @@ -111,6 +111,12 @@ spec: {{- range .Values.settings.endpointRpsLimits }} - --endpoint-rps-limit={{ . }} {{- end }} + {{- if .Values.settings.authRateLimitsEnabled }} + - --auth-rate-limit-enabled + {{- end }} + {{- range .Values.settings.authRateLimits }} + - --auth-rate-limit={{ . }} + {{- end }} {{- with .Values.settings.region }} - --region={{ . }} {{ end }} diff --git a/charts/neon-proxy/values.yaml b/charts/neon-proxy/values.yaml index 996e358..404585f 100644 --- a/charts/neon-proxy/values.yaml +++ b/charts/neon-proxy/values.yaml @@ -69,10 +69,14 @@ settings: httpPoolOptIn: true # settings.disableDynamicRateLimiter -- (bool) Disable dynamic rate limiter disableDynamicRateLimiter: true - # settings.endpointRpsLimit -- (list) list of rate limiters over different time intervals + # settings.endpointRpsLimit -- (list) list of rate limiters for wake_compute over different time intervals endpointRpsLimits: - 300@1s - 250@10m + # settings.authRateLimitsEnabled -- (bool) Whether to enable the authentication rate limiter + authRateLimitsEnabled: null + # settings.authRateLimit -- (list) list of rate limiters over different time intervals for authentication hash iterations per IP,EP + authRateLimits: null # settings.parquetUploadRemoteStorage -- (string) Storage location to upload the parquet files to. parquetUploadRemoteStorage: "" # settings.parquetUploadRowGroupSize -- (string) How many rows to include in a row group