From bb14dc85a5ef490be5e227a4bd1b514f830c49b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cshaun-nx=E2=80=9D?= <“s.odonovan@f5.com”>
Date: Fri, 18 Nov 2022 12:03:48 +0000
Subject: [PATCH] Allow configuration of `map-hash-bucket-size` and `map-hash-max-size` directives
---
 .../global-configuration/configmap-resource.md | 2 ++
 internal/configs/config_params.go | 4 ++++
 internal/configs/configmaps.go | 10 ++++++++++
 internal/configs/version1/config.go | 2 ++
 internal/configs/version1/nginx-plus.tmpl | 3 +++
 internal/configs/version1/nginx.tmpl | 3 +++
 6 files changed, 24 insertions(+)
diff --git a/docs/content/configuration/global-configuration/configmap-resource.md b/docs/content/configuration/global-configuration/configmap-resource.md
index 699cfb9c53..a82ce7fc79 100644
--- a/docs/content/configuration/global-configuration/configmap-resource.md
+++ b/docs/content/configuration/global-configuration/configmap-resource.md
@@ -86,6 +86,8 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres |``worker-shutdown-timeout`` | Sets the value of the [worker_shutdown_timeout](https://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout) directive. | N/A | | |``server-names-hash-bucket-size`` | Sets the value of the [server_names_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size) directive. | ``256`` | | |``server-names-hash-max-size`` | Sets the value of the [server_names_hash_max_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) directive. | ``1024`` | | +|``map-hash-bucket-size`` | Sets the value of the [map_hash_bucket_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size) directive.| ``256`` | | +|``map-hash-max-size`` | Sets the value of the [map_hash_max_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_max_size) directive. | ``2048`` | | |``resolver-addresses`` | Sets the value of the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) addresses. Note: If you use a DNS name (for example, ``kube-dns.kube-system.svc.cluster.local`` ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, we recommend using IP addresses as resolver addresses instead of DNS names. Supported in NGINX Plus only. | N/A | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | |``resolver-ipv6`` | Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. 
| ``True`` | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | |``resolver-valid`` | Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. | TTL value of a DNS record | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | diff --git a/internal/configs/config_params.go b/internal/configs/config_params.go index 1ba37991ae..c2dfa6a2bb 100644 --- a/internal/configs/config_params.go +++ b/internal/configs/config_params.go @@ -37,6 +37,8 @@ type ConfigParams struct { MainStreamLogFormat []string MainStreamLogFormatEscaping string MainStreamSnippets []string + MainMapHashBucketSize string + MainMapHashMaxSize string MainWorkerConnections string MainWorkerCPUAffinity string MainWorkerProcesses string @@ -160,6 +162,8 @@ func NewDefaultConfigParams(isPlus bool) *ConfigParams { SSLRedirect: true, MainServerNamesHashBucketSize: "256", MainServerNamesHashMaxSize: "1024", + MainMapHashBucketSize: "256", + MainMapHashMaxSize: "2048", ProxyBuffering: true, MainWorkerProcesses: "auto", MainWorkerConnections: "1024", diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go index 9de5e00fa2..8e7c893b2f 100644 --- a/internal/configs/configmaps.go +++ b/internal/configs/configmaps.go @@ -78,6 +78,14 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA cfgParams.MainServerNamesHashMaxSize = serverNamesHashMaxSize } + if mapHashBucketSize, exists := cfgm.Data["map-hash-bucket-size"]; exists { + cfgParams.MainMapHashBucketSize = mapHashBucketSize + } + + if mapHashMaxSize, exists := cfgm.Data["map-hash-max-size"]; exists { + cfgParams.MainMapHashMaxSize = mapHashMaxSize + } + if HTTP2, exists, err := GetMapKeyAsBool(cfgm.Data, "http2", cfgm); exists { if err != nil { glog.Error(err) 
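Review bot: The two new `cfgm.Data[...]` branches in the ParseConfigMap hunk copy the ConfigMap strings into `MainMapHashBucketSize` and `MainMapHashMaxSize` without any validation, and the template hunks later in this patch write those strings verbatim into the generated NGINX configuration. A value that is not a plain size would at best fail the reload, and a value containing `;` or a newline would add directives to the main config for anyone able to edit that ConfigMap. I would accept only an NGINX size (digits with an optional `k`/`m` suffix), log the rejected value and keep the default otherwise; the context lines suggest `server-names-hash-max-size` is handled the same unvalidated way, so it may deserve the same guard. ParseConfigMap starts and ends outside this hunk, and the pattern used below would need a package-level declaration.

```go
// … unchanged: server-names-hash-* handling …
// nginxSizeRe is assumed to be declared once at package scope: ^[0-9]+[kKmM]?$
if mapHashBucketSize, exists := cfgm.Data["map-hash-bucket-size"]; exists {
	if nginxSizeRe.MatchString(mapHashBucketSize) {
		cfgParams.MainMapHashBucketSize = mapHashBucketSize
	} else {
		glog.Errorf("ConfigMap %v/%v: invalid map-hash-bucket-size %q, keeping the default", cfgm.GetNamespace(), cfgm.GetName(), mapHashBucketSize)
	}
}

if mapHashMaxSize, exists := cfgm.Data["map-hash-max-size"]; exists {
	if nginxSizeRe.MatchString(mapHashMaxSize) {
		cfgParams.MainMapHashMaxSize = mapHashMaxSize
	} else {
		glog.Errorf("ConfigMap %v/%v: invalid map-hash-max-size %q, keeping the default", cfgm.GetNamespace(), cfgm.GetName(), mapHashMaxSize)
	}
}
// … unchanged: http2 handling …
```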
@@ -533,6 +541,8 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config SetRealIPFrom: config.SetRealIPFrom, ServerNamesHashBucketSize: config.MainServerNamesHashBucketSize, ServerNamesHashMaxSize: config.MainServerNamesHashMaxSize, + MapHashBucketSize: config.MainMapHashBucketSize, + MapHashMaxSize: config.MainMapHashMaxSize, ServerTokens: config.ServerTokens, SSLCiphers: config.MainServerSSLCiphers, SSLDHParam: config.MainServerSSLDHParam, diff --git a/internal/configs/version1/config.go b/internal/configs/version1/config.go index 1f3496e82f..912c767099 100644 --- a/internal/configs/version1/config.go +++ b/internal/configs/version1/config.go @@ -192,6 +192,8 @@ type MainConfig struct { SetRealIPFrom []string ServerNamesHashBucketSize string ServerNamesHashMaxSize string + MapHashBucketSize string + MapHashMaxSize string ServerTokens string SSLRejectHandshake bool SSLCiphers string diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl index 772cd19ff9..f2e8b06d5b 100644 --- a/internal/configs/version1/nginx-plus.tmpl +++ b/internal/configs/version1/nginx-plus.tmpl @@ -295,6 +295,9 @@ stream { {{if .ResolverTimeout}}resolver_timeout {{.ResolverTimeout}};{{end}} {{end}} + map_hash_max_size {{.MapHashMaxSize}}; + {{if .MapHashBucketSize}}map_hash_bucket_size {{.MapHashBucketSize}};{{end}} + {{if .TLSPassthrough}} map $ssl_preread_server_name $dest_internal_passthrough { default unix:/var/lib/nginx/passthrough-https.sock; diff --git a/internal/configs/version1/nginx.tmpl b/internal/configs/version1/nginx.tmpl index 20dfcd273b..f2a308a246 100644 --- a/internal/configs/version1/nginx.tmpl +++ b/internal/configs/version1/nginx.tmpl 
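Review bot: In the nginx-plus.tmpl hunk, `map_hash_max_size {{.MapHashMaxSize}};` is emitted unconditionally, while the bucket-size line next to it is guarded by `{{if .MapHashBucketSize}}`. If the ConfigMap sets `map-hash-max-size` to an empty string, this would render `map_hash_max_size ;`, which NGINX would presumably reject on reload. Guarding it the same way, `{{if .MapHashMaxSize}}map_hash_max_size {{.MapHashMaxSize}};{{end}}`, keeps the two lines consistent; the nginx.tmpl hunk carries the same line and needs the same change. Both hunks sit inside `stream {` according to their hunk headers, whereas the new documentation rows link to the http map module, so it is worth confirming which context is intended. The stream block starts and ends outside the hunk.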
@@ -229,6 +229,9 @@ stream { {{range $value := .StreamSnippets}} {{$value}}{{end}} + map_hash_max_size {{.MapHashMaxSize}}; + {{if .MapHashBucketSize}}map_hash_bucket_size {{.MapHashBucketSize}};{{end}} + {{if .TLSPassthrough}} map $ssl_preread_server_name $dest_internal_passthrough { default unix:/var/lib/nginx/passthrough-https.sock;