- Add support for pangolin.public-resources.* labels as alias for proxy-resources
- Add support for pangolin.private-resources.* labels as alias for client-resources
- Update processContainerLabels to parse all four resource type prefixes
- Update early-exit check in applyNewtDockerBlueprint to consider all four resource keys
- ConfigSchema transformation will merge public/private into proxy/client as designed
Fixes#2125
- Add maxKeys limit (10,000) to NodeCache to prevent unbounded memory growth
- Skip caching undefined values when GeoIP/ASN lookups fail (e.g., when MaxMind DB not configured)
- Add periodic cache statistics logging every 5 minutes for monitoring
- Fixes memory leak where cache would grow indefinitely with high request volumes
The maxKeys limit uses LRU eviction, so oldest entries are automatically removed
when the limit is reached. With ~10k requests/day and 5min TTL, 10k keys provides
ample headroom while preventing OOM issues.
Fixes#2120
- Add MaxMind ASN database integration
- Implement ASN lookup and matching in resource rule verification
- Add curated list of 100+ major ASNs (cloud, ISP, CDN, mobile carriers)
- Add ASN dropdown selector in resource rules UI with search functionality
- Support custom ASN input for unlisted ASNs
- Add 'ALL ASNs' special case handling (AS0)
- Cache ASN lookups with 5-minute TTL for performance
- Update validation schemas to support ASN match type
This allows administrators to create resource access rules based on
Autonomous System Numbers, similar to existing country-based rules.
Useful for restricting access by ISP, cloud provider, or mobile carrier.
