feat: change some little security risks, add another ingress that has ip whitelist for admin panel and update some OCI image versions

Justin Kreller
2025-05-12 23:26:29 +02:00
parent 3374dfd8f9
commit 5aa1c32fcd
9 changed files with 55 additions and 16 deletions


@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Chart.Name }}-ipwhitelist
namespace: {{ .Release.Namespace }}
labels:
{{- include "htwkalender.labels" . | nindent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.middlewares: "{{- printf "%s-%s@kubernetescrd" .Release.Namespace .Values.middlewares.httpsIPWhitelist.name }},traefik-https-redirect@kubernetescrd"
spec:
ingressClassName: "PLACEHOLDER"
tls:
- hosts:
{{- range .Values.ingress.httpsIPWhitelist.hosts }}
- {{ .host | quote }}
{{- end }}
secretName: {{ $.Chart.Name }}-cert
rules:
{{- toYaml .Values.ingress.httpsIPWhitelist.hosts | nindent 4 }}
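Review bot: `ingressClassName: "PLACEHOLDER"` is a hard-coded literal, and unless an IngressClass with exactly that name exists, no controller will pick this Ingress up and the allow-listed route will not exist. It should be rendered from values like the rest of the template, for example `ingressClassName: {{ .Values.ingress.className | quote }}` (a new values key, name to be chosen). Separately, `rules:` is rendered verbatim from `.Values.ingress.httpsIPWhitelist.hosts`, so the restriction only holds if the chart's other Ingress, which is not visible in this section, does not route the same host and admin path without the middleware. A comment above `rules:` such as `# admin paths must be listed only here, never in the public ingress` would make that requirement explicit.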


@@ -0,0 +1,11 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: {{ .Values.middlewares.httpsIPWhitelist.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "htwkalender.labels" . | nindent 4 }}
spec:
ipWhiteList:
sourceRange:
- 10.0.0.0/29
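Review bot: `sourceRange` is hard-coded to `10.0.0.0/29` while the middleware name comes from values, so changing the admin network means editing the template. Render it from values instead, for example `{{- toYaml .Values.middlewares.httpsIPWhitelist.sourceRange | nindent 6 }}` with the current range as the default (a new values key). The range is matched against the address Traefik sees as the client, so if Traefik sits behind a load balancer or NAT that rewrites the source address, every request may appear to come from an internal address. Confirm that the real client IP is preserved, or set `ipStrategy` on the middleware, before relying on this to protect the admin panel. `ipWhiteList` is also deprecated in Traefik v3 in favour of `ipAllowList`, so switching is worthwhile if the deployed Traefik version supports it.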