From 7e1a28fb27355aca3b93a3f494150c71bf0cebd2 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Thu, 16 Jan 2025 22:08:19 +0000
Subject: [PATCH] add dddos protection in ingress factory [ci skip]
---
 modules/kubernetes/ingress_factory/main.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/modules/kubernetes/ingress_factory/main.tf b/modules/kubernetes/ingress_factory/main.tf
index c205a02d..0f361ef4 100644
--- a/modules/kubernetes/ingress_factory/main.tf
+++ b/modules/kubernetes/ingress_factory/main.tf
@@ -85,6 +85,18 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
 "nginx.ingress.kubernetes.io/proxy-connect-timeout" : var.proxy_timeout
 "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
 "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout
+ "nginx.ingress.kubernetes.io/proxy-buffering" : "on"
+
+ # DDOS protection
+ "nginx.ingress.kubernetes.io/limit-connections" : 5
+ "nginx.ingress.kubernetes.io/limit-rps" : 2
+ "nginx.ingress.kubernetes.io/limit-rpm" : 5
+ "nginx.ingress.kubernetes.io/limit-burst-multiplier" : 10
+ "nginx.ingress.kubernetes.io/limit-rate-after" : 10
+ "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
+ limit_req_status 429;
+ limit_conn_status 429;
+ EOF
 }, var.extra_annotations)
 }
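Review bot: The `configuration-snippet` annotation at the end of the added block makes every ingress from this factory depend on snippet annotations being enabled in the ingress-nginx controller (`allow-snippet-annotations`), a setting that lets anyone who can create an Ingress inject raw nginx configuration and that newer controller releases leave off by default. The same 429 status can be set once for the controller through the ConfigMap keys `limit-req-status-code: "429"` and `limit-conn-status-code: "429"`, which also avoids the snippet being replaced when a caller passes its own `configuration-snippet` in `var.extra_annotations` (assuming the enclosing call, which starts outside the hunk, is `merge`). The limits themselves are hard-coded for all consumers and ingress-nginx keys them on the client address, so if these ingresses sit behind a CDN or other proxy without real-IP handling, every visitor would share one 2 r/s bucket; exposing them as variables in the style of `var.proxy_timeout` would let services tune or disable them. `limit-rate-after` has no effect unless `limit-rate` is also set.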