cluster/kube: nginx: add Hscloud-Nic-Source-* headers
These can be used by production jobs to get the source port of the client connecting over HTTP. A followup CR implements just that.

Change-Id: Ic8e29eaf806bb196d8cfcfb604ff66ae4d0d166a
master
parent
ba28a04c65
commit
e17f7edde0
|
@ -41,7 +41,46 @@ local policies = import "../../../kube/policies.libsonnet";
|
|||
make(name):: kube.ConfigMap(name) {
|
||||
metadata+: env.metadata,
|
||||
},
|
||||
configuration: env.maps.make("nginx-configuration"),
|
||||
configuration: env.maps.make("nginx-configuration") {
|
||||
data: {
|
||||
"proxy-set-headers": "%s/nginx-custom-headers" % [cfg.namespace],
|
||||
},
|
||||
},
|
||||
customHeaders: env.maps.make("nginx-custom-headers") {
|
||||
data: {
|
||||
# RFC6648 deprecates X-prefixed headers as a convention in
|
||||
# multiple application protocols, including HTTP. It
|
||||
# recommends that any new headers should just start off
|
||||
# with a final standardized name, ie. suggests to use
|
||||
# Toaster-ID instead of X-Toaster-ID.
|
||||
#
|
||||
# However, it also acknowledges that headers likely to
|
||||
# never be standardized can still be prefixed with OrgName-
|
||||
# or other constructs. And since we're not even attempting
|
||||
# to standardize anything here, this is what we use to
|
||||
# prefix hscloud-specific headers.
|
||||
#
|
||||
# Hscloud == hscloud, this repository.
|
||||
# Nic == nginx-ingress-controller, this ingress controller.
|
||||
|
||||
# Set source port/addr. Source-IP duplicates
|
||||
# X-Forwarded-For, but is added for consistency with
|
||||
# Source-Port.
|
||||
#
|
||||
# Source-IP is an IP address in two possible formats:
|
||||
# IPv4: "1.2.3.4"
|
||||
# IPv6: "2a0d:1234::42"
|
||||
# Any other format received by services should be
|
||||
# considered invalid, and the service should assume a
|
||||
# misconfiguration of the N-I-C.
|
||||
"Hscloud-Nic-Source-IP": "${remote_addr}",
|
||||
# Source-Port is a stringified TCP port, encoding a port
|
||||
# number from 1 to 65535. Any other value received by
|
||||
# services should be considered invalid, and the service
|
||||
# should assume a misconfiguration of the N-I-C.
|
||||
"Hscloud-Nic-Source-Port": "${remote_port}",
|
||||
},
|
||||
},
|
||||
tcp: env.maps.make("tcp-services") {
|
||||
data: {
|
||||
"22": "gerrit/gerrit:22",
|
||||
|
|
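Review bot: The comment block above `"Hscloud-Nic-Source-IP"` tells services how to validate the two values but not when they may trust them: the headers are authoritative only on requests that actually passed through the N-I-C, where the configured header replaces any client-supplied copy. A backend that is also reachable without going through the controller would see whatever the caller put in these headers, so I would add `# Only trust Hscloud-Nic-* on connections coming from the N-I-C; restrict backend ingress (e.g. NetworkPolicy) so nothing else can set them.` Also note that `${remote_addr}` and `${remote_port}` describe the peer nginx sees, so if a load balancer or PROXY protocol is ever placed in front of the controller the pair may stop describing the real client connection; this is inferred, not visible here, and worth confirming. As a smaller style point, the `"proxy-set-headers"` value repeats the literal `nginx-custom-headers` used in `env.maps.make("nginx-custom-headers")`, and deriving one from the other would keep them from drifting. The enclosing object starts before this hunk and the `tcp` map continues past it.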