airship/maas
Code Issues Proposed changes
906f9a5f15
maas/charts/maas/templates/ingress-region.yaml
Ritchie, Frank (fr801x) 906f9a5f15 Change pathtype to prefix 
Due to cve-2022-4886 the default pathType for an ingress should be
either "Exact" or "Prefix". This allows for more strict path validation by
the admission controller.

Change-Id: I1089bd5c893685fe3b2bcd6868da2f2b761e144f
2024-01-29 10:58:42 -05:00

69 lines
2.5 KiB
YAML
Raw Blame History

{{/*
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: maas-region-api
spec:
ingressClassName: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
rules:
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
http:
paths:
{{- if .Values.conf.maas.ingress_disable_gui }}
- path: /MAAS/api
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/images-stream
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/metadata
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/rpc
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- else }}
- path: /
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- end }}
...
{{ end }}
View Git Blame Copy Permalink