devel: change whitelist_ips to just whitelisr
This commit is contained in:
@@ -264,7 +264,7 @@ server:
|
|||||||
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
hosts:
|
hosts:
|
||||||
@@ -286,7 +286,7 @@ applicationSet:
|
|||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
||||||
# {{- with .Values.clusterConfig.ingress_whitelist_ips}}
|
# {{- with .Values.clusterConfig.ingress_whitelist}}
|
||||||
# NOTE(kai): include gitlab and github webhook ranges
|
# NOTE(kai): include gitlab and github webhook ranges
|
||||||
# nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }},192.30.252.0/22,140.82.112.0/20,34.74.226.27/28,34.74.226.0/24
|
# nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }},192.30.252.0/22,140.82.112.0/20,34.74.226.27/28,34.74.226.0/24
|
||||||
# {{- end }}
|
# {{- end }}
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ clusterConfig:
|
|||||||
patterns: []
|
patterns: []
|
||||||
cidr: []
|
cidr: []
|
||||||
nodes: []
|
nodes: []
|
||||||
ingress_whitelist_ips:
|
ingress_whitelist:
|
||||||
#itp internal
|
#itp internal
|
||||||
- 10.0.0.0/8
|
- 10.0.0.0/8
|
||||||
- 172.16.0.0/12
|
- 172.16.0.0/12
|
||||||
|
|||||||
+1
-1
@@ -15,7 +15,7 @@ clusterConfig:
|
|||||||
nodenames: []
|
nodenames: []
|
||||||
nodes: []
|
nodes: []
|
||||||
ingress_clusterissuer: "letsencrypt-production"
|
ingress_clusterissuer: "letsencrypt-production"
|
||||||
ingress_whitelist_ips:
|
ingress_whitelist:
|
||||||
- 10.0.0.0/8
|
- 10.0.0.0/8
|
||||||
- 172.16.0.0/12
|
- 172.16.0.0/12
|
||||||
- 192.168.0.0/16
|
- 192.168.0.0/16
|
||||||
|
|||||||
@@ -72,7 +72,7 @@ alertmanager:
|
|||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
hosts:
|
hosts:
|
||||||
@@ -173,7 +173,7 @@ grafana:
|
|||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips}}
|
{{- with .Values.clusterConfig.ingress_whitelist}}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
hosts:
|
hosts:
|
||||||
@@ -437,7 +437,7 @@ prometheus:
|
|||||||
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
@@ -458,7 +458,7 @@ prometheus:
|
|||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }}
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
hosts:
|
hosts:
|
||||||
|
|||||||
@@ -46,7 +46,7 @@ spec:
|
|||||||
patchStrategicMerge:
|
patchStrategicMerge:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: "{{`{{ @ }}`}},{{ join "," . }}"
|
nginx.ingress.kubernetes.io/whitelist-source-range: "{{`{{ @ }}`}},{{ join "," . }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: add-nginx-whitelist
|
- name: add-nginx-whitelist
|
||||||
@@ -66,7 +66,7 @@ spec:
|
|||||||
patchStrategicMerge:
|
patchStrategicMerge:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{- with .Values.clusterConfig.ingress_whitelist_ips }}
|
{{- with .Values.clusterConfig.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," . }}"
|
nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," . }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ tempoQuery:
|
|||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
{{- with .Values.cluster_config.ingress_whitelist_ips }}
|
{{- with .Values.cluster_config.ingress_whitelist }}
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
path: /
|
path: /
|
||||||
|
|||||||
Reference in New Issue
Block a user