github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-authproxy/templates/verrazzano-ingress.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-authproxy/templates/verrazzano-ingress.yaml (about)

     1  # Copyright (c) 2021, 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  ---
     5  apiVersion: networking.k8s.io/v1
     6  kind: Ingress
     7  metadata:
     8    annotations:
     9      {{- if .Values.dns.wildcard.domain}}
    10      verrazzano.io/dns.wildcard.domain: {{ .Values.dns.wildcard.domain }}
    11      {{- end }}
    12      external-dns.alpha.kubernetes.io/target: verrazzano-ingress.{{ .Values.config.envName }}.{{ .Values.config.dnsSuffix }}
    13      kubernetes.io/tls-acme: "true"
    14      nginx.ingress.kubernetes.io/rewrite-target: /$1$2
    15      nginx.ingress.kubernetes.io/affinity: cookie
    16      nginx.ingress.kubernetes.io/configuration-snippet: |
    17        proxy_hide_header X-Powered-By;
    18        add_header Last-Modified "$date_gmt";
    19        add_header Pragma "no-cache";
    20        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
    21        add_header Expect-CT "max-age=86400, enforce";
    22        add_header Referrer-Policy "strict-origin";
    23        add_header X-Content-Type-Options "nosniff" always;
    24        add_header X-Frame-Options "DENY" always;
    25        add_header X-Permitted-Cross-Domain-Policies "none";
    26        add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
    27        add_header X-XSS-Protection "1; mode=block";
    28        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' static.oracle.com; form-action 'none'; connect-src 'self' https:; media-src 'none'; object-src 'none'; font-src 'self' static.oracle.com; img-src 'self' data:; style-src 'self' static.oracle.com; frame-ancestors 'none';" always;
    29      nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
    30      nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
    31      nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
    32      nginx.ingress.kubernetes.io/session-cookie-name: route
    33      nginx.ingress.kubernetes.io/session-cookie-samesite: Strict
    34      nginx.ingress.kubernetes.io/service-upstream: "true"
    35      nginx.ingress.kubernetes.io/upstream-vhost: "${service_name}.${namespace}.svc.cluster.local"
    36      cert-manager.io/common-name: verrazzano.{{ .Values.config.envName }}.{{ .Values.config.dnsSuffix }}
    37      cert-manager.io/cluster-issuer: verrazzano-cluster-issuer
    38    name: verrazzano-ingress
    39    namespace: {{ .Release.Namespace }}
    40  spec:
    41    ingressClassName: {{ .Values.config.ingressClassName }}
    42    rules:
    43      - host: verrazzano.{{ .Values.config.envName }}.{{ .Values.config.dnsSuffix }}
    44        http:
    45          paths:
    46            {{- if .Values.v2.enabled }}
    47            - backend:
    48                service:
    49                  name: {{ .Values.name }}
    50                  port:
    51                    number: {{ .Values.v2.port }}
    52              path: /(clusters)(.*)
    53              pathType: Prefix
    54            {{- end  }}
    55            - backend:
    56                service:
    57                  name: {{ .Values.name }}
    58                  port:
    59                    number: {{ .Values.port }}
    60              path: /()(.*)
    61              pathType: ImplementationSpecific
    62    tls:
    63      - hosts:
    64          - verrazzano.{{ .Values.config.envName }}.{{ .Values.config.dnsSuffix }}
    65        secretName: verrazzano-tls