From 57b0b5702f620eb449daa4f9859893a07ea68af4 Mon Sep 17 00:00:00 2001
From: Vladimir Shushlin <v.shushlin@gmail.com>
Date: Wed, 3 Nov 2021 17:38:19 +0300
Subject: [PATCH 1/2] Add source-ip rate-limits for GitLab Pages

Changelog: added
---
 charts/gitlab/charts/gitlab-pages/templates/configmap.yml | 6 ++++++
 doc/charts/gitlab/gitlab-pages/index.md                   | 2 ++
 spec/configuration/pages_spec.rb                          | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml
index ac983e5b7d..50f5d69daf 100644
--- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml
+++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml
@@ -116,5 +116,11 @@ data:
     {{- if .Values.zipOpenTimeout }}
     zip-open-timeout={{ .Values.zipOpenTimeout }}
     {{- end }}
+    {{- if .Values.rateLimitSourceIP }}
+    rate-limit-source-ip={{ .Values.rateLimitSourceIP }}
+    {{- end }}
+    {{- if .Values.rateLimitSourceIPBurst }}
+    rate-limit-source-ip-burst={{ .Values.rateLimitSourceIPBurst }}
+    {{- end }}
   configure: |
     {{- include "gitlab.scripts.configure.secrets" (dict "required" "pages" "optional" "pages") | nindent 4 -}}
diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md
index 0af8b206d2..4edcc31938 100644
--- a/doc/charts/gitlab/gitlab-pages/index.md
+++ b/doc/charts/gitlab/gitlab-pages/index.md
@@ -101,6 +101,8 @@ configurations that can be supplied to the `helm install` command using the
 | `zipCache.expiration`            | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipCache.refresh`               | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipOpenTimeout`                 | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
+| `rateLimitSourceIP`              | int                   | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
+| `rateLimitSourceIPBurst`         | int                   | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
 
 ### Configuring the `ingress`
 
diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb
index e091895fea..bec80d734c 100644
--- a/spec/configuration/pages_spec.rb
+++ b/spec/configuration/pages_spec.rb
@@ -487,6 +487,8 @@ describe 'GitLab Pages' do
                   port: 9999
                 zipCache:
                   refresh: 60s
+                rateLimitSourceIP: 100.5
+                rateLimitSourceIPBurst: 50
           ))
         end
 
@@ -523,6 +525,8 @@ describe 'GitLab Pages' do
             auth-client-secret={% file.Read "/etc/gitlab-secrets/pages/gitlab_appsecret" %}
             auth-secret={% file.Read "/etc/gitlab-secrets/pages/auth_secret" %}
             zip-cache-refresh=60s
+            rate-limit-source-ip=100.5
+            rate-limit-source-ip-burst=50
           MSG
 
           expect(pages_enabled_template.exit_code).to eq(0), "Unexpected error code #{pages_enabled_template.exit_code} -- #{pages_enabled_template.stderr}"
-- 
GitLab


From c571cca2ad99f1353ebddc7b487b3feea97b3637 Mon Sep 17 00:00:00 2001
From: Vladimir Shushlin <vshushlin@gitlab.com>
Date: Mon, 15 Nov 2021 08:49:47 +0000
Subject: [PATCH 2/2] Mention the feature flag for IP rate limis

---
 doc/charts/gitlab/gitlab-pages/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md
index 4edcc31938..0b93a1d1a2 100644
--- a/doc/charts/gitlab/gitlab-pages/index.md
+++ b/doc/charts/gitlab/gitlab-pages/index.md
@@ -101,7 +101,7 @@ configurations that can be supplied to the `helm install` command using the
 | `zipCache.expiration`            | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipCache.refresh`               | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipOpenTimeout`                 | int                   | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
-| `rateLimitSourceIP`              | int                   | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
+| `rateLimitSourceIP`              | int                   | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENABLE_RATE_LIMITER=true"]` |
 | `rateLimitSourceIPBurst`         | int                   | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
 
 ### Configuring the `ingress`
-- 
GitLab