feat: change some little security risks, add another ingress that has ip whitelist for admin panel and update some OCI image versions
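--- a/charts/templates/ingress-https-ipwhitelist.yaml
+++ b/charts/templates/ingress-https-ipwhitelist.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ .Chart.Name }}-ipwhitelist
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "htwkalender.labels" . | nindent 4 }}
+annotations:
+traefik.ingress.kubernetes.io/router.middlewares: "{{- printf "%s-%s@kubernetescrd" .Release.Namespace .Values.middlewares.httpsIPWhitelist.name }},traefik-https-redirect@kubernetescrd"
+spec:
+ingressClassName: "PLACEHOLDER"
+tls:
+- hosts:
+{{- range .Values.ingress.httpsIPWhitelist.hosts }}
+- {{ .host | quote }}
+{{- end }}
+secretName: {{ $.Chart.Name }}-cert
+rules:
+{{- toYaml .Values.ingress.httpsIPWhitelist.hosts | nindent 4 }}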
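Review bot: `ingressClassName: "PLACEHOLDER"` is a fixed literal in the template, so unless an ingress controller is registered under exactly that class name this Ingress is never served and the admin path it carries is left unrouted. If the string is a stand-in, read the class from chart values instead, e.g. `ingressClassName: {{ .Values.ingress.httpsIPWhitelist.className | quote }}` (a new key, not present in the values shown on this page). The address restriction also exists only through the `router.middlewares` annotation and covers just the paths listed under `ingress.httpsIPWhitelist.hosts`. The values hunks on this page still show a `*service_data_manager` backend on another ingress, so it is worth confirming that no admin-only route of that service remains reachable there without the middleware.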
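--- a/charts/templates/middleware-whitelist-ip.yaml
+++ b/charts/templates/middleware-whitelist-ip.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: {{ .Values.middlewares.httpsIPWhitelist.name }}
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "htwkalender.labels" . | nindent 4 }}
+spec:
+ipWhiteList:
+sourceRange:
+- 10.0.0.0/29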
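Review bot: `sourceRange` is hard-coded to `10.0.0.0/29` in the template while the middleware name is read from `.Values.middlewares.httpsIPWhitelist.name`, so the permitted range cannot be changed or audited per environment without editing the chart. Reading it from values, e.g. `{{- toYaml .Values.middlewares.httpsIPWhitelist.sourceRange | nindent 6 }}` under `sourceRange:` (a new key, not on this page), would keep the name and the range together. No `ipStrategy` is set, so Traefik compares the range with the connection's remote address. If Traefik sits behind a load balancer or NAT that presents an internal address, the check may admit every client or none, which should be verified on the cluster. If the cluster runs Traefik v3, note that `ipWhiteList` is deprecated there in favour of `ipAllowList`.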
@@ -54,6 +54,10 @@ readinessProbe:
|
||||
path: /
|
||||
port: http
|
||||
|
||||
middlewares:
|
||||
httpsIPWhitelist:
|
||||
name: ipwhitelist-fsrim-subnet
|
||||
|
||||
ingress:
|
||||
https:
|
||||
annotations:
|
||||
@@ -69,6 +73,18 @@ ingress:
|
||||
name: *service_ical
|
||||
port:
|
||||
number: *service_ical_port
|
||||
httpsIPWhitelist:
|
||||
hosts:
|
||||
- host: *frontend_host
|
||||
http:
|
||||
paths:
|
||||
- path: /_
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: *service_data_manager
|
||||
port:
|
||||
number: *service_data_manager_port
|
||||
httpsRedirect:
|
||||
hosts:
|
||||
- host: *frontend_host
|
||||
@@ -123,10 +139,3 @@ ingress:
|
||||
name: *service_data_manager
|
||||
port:
|
||||
number: *service_data_manager_port
|
||||
- path: /_
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: *service_data_manager
|
||||
port:
|
||||
number: *service_data_manager_port
|
||||
|