Add new annotations
parent
c6a2d9afb3
commit
b112acdbb9
1 changed files with 27 additions and 7 deletions
|
@ -45,13 +45,15 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
proxySSLSecretAnnotation = "proxy-ssl-secret"
|
proxySSLSecretAnnotation = "proxy-ssl-secret"
|
||||||
proxySSLCiphersAnnotation = "proxy-ssl-ciphers"
|
proxySSLClientSecretAnnotation = "proxy-ssl-client-secret" // #nosec
|
||||||
proxySSLProtocolsAnnotation = "proxy-ssl-protocols"
|
proxySSLCAConfigMapAnnotation = "proxy-ssl-ca-configmap"
|
||||||
proxySSLNameAnnotation = "proxy-ssl-name"
|
proxySSLCiphersAnnotation = "proxy-ssl-ciphers"
|
||||||
proxySSLVerifyAnnotation = "proxy-ssl-verify"
|
proxySSLProtocolsAnnotation = "proxy-ssl-protocols"
|
||||||
proxySSLVerifyDepthAnnotation = "proxy-ssl-verify-depth"
|
proxySSLNameAnnotation = "proxy-ssl-name"
|
||||||
proxySSLServerNameAnnotation = "proxy-ssl-server-name"
|
proxySSLVerifyAnnotation = "proxy-ssl-verify"
|
||||||
|
proxySSLVerifyDepthAnnotation = "proxy-ssl-verify-depth"
|
||||||
|
proxySSLServerNameAnnotation = "proxy-ssl-server-name"
|
||||||
)
|
)
|
||||||
|
|
||||||
var proxySSLAnnotation = parser.Annotation{
|
var proxySSLAnnotation = parser.Annotation{
|
||||||
|
@ -66,6 +68,24 @@ var proxySSLAnnotation = parser.Annotation{
|
||||||
This annotation expects the Secret name in the form "namespace/secretName"
|
This annotation expects the Secret name in the form "namespace/secretName"
|
||||||
Just secrets on the same namespace of the ingress can be used.`,
|
Just secrets on the same namespace of the ingress can be used.`,
|
||||||
},
|
},
|
||||||
|
proxySSLClientSecretAnnotation: {
|
||||||
|
Validator: parser.ValidateRegex(parser.BasicCharsRegex, true),
|
||||||
|
Scope: parser.AnnotationScopeIngress,
|
||||||
|
Risk: parser.AnnotationRiskMedium,
|
||||||
|
Documentation: `This annotation specifies a Secret with the certificate tls.crt, key tls.key in PEM format used for authentication to a proxied HTTPS server.
|
||||||
|
If the annotation proxy-ssl-secret is also present, the tls.crt and tls.key from this secret will take precedence.
|
||||||
|
This annotation expects the Secret name in the form "namespace/secretName"
|
||||||
|
Just secrets on the same namespace of the ingress can be used.`,
|
||||||
|
},
|
||||||
|
proxySSLCAConfigMapAnnotation: {
|
||||||
|
Validator: parser.ValidateRegex(parser.BasicCharsRegex, true),
|
||||||
|
Scope: parser.AnnotationScopeIngress,
|
||||||
|
Risk: parser.AnnotationRiskMedium,
|
||||||
|
Documentation: `This annotation specifies a ConfigMap with the trusted CA certificates ca.crt in PEM format used to verify the certificate of the proxied HTTPS server.
|
||||||
|
If the annotation proxy-ssl-secret is also present, ca tls.crt and ca.clr (revocation list) from this configMap will take precedence.
|
||||||
|
This annotation expects the ConfigMap name in the form "namespace/configMapName"
|
||||||
|
Just configMaps on the same namespace of the ingress can be used.`,
|
||||||
|
},
|
||||||
proxySSLCiphersAnnotation: {
|
proxySSLCiphersAnnotation: {
|
||||||
Validator: parser.ValidateRegex(proxySSLCiphersRegex, true),
|
Validator: parser.ValidateRegex(proxySSLCiphersRegex, true),
|
||||||
Scope: parser.AnnotationScopeIngress,
|
Scope: parser.AnnotationScopeIngress,
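Review bot: Both new entries document that only objects in the ingress's own namespace can be used, but the only check attached to them here is `parser.ValidateRegex(parser.BasicCharsRegex, true)`, which by its name appears to constrain the characters of the value rather than the namespace part of "namespace/name". The 27 additions on this page are fully accounted for by the two constants, the realigned const block and these two field definitions, so the code that resolves the Secret and ConfigMap and rejects a foreign namespace is not part of this commit. That check should land together with the annotations, because the same-namespace rule is what keeps an Ingress from pulling a client key or trust anchor that belongs to another namespace. In the proxy-ssl-ca-configmap text, "ca tls.crt and ca.clr" conflicts with the `ca.crt` key named one sentence earlier and looks like a typo; presumably it should read `ca.crt and ca.crl (revocation list) from this configMap will take precedence`. The bare `// #nosec` on proxySSLClientSecretAnnotation would be clearer scoped and justified, e.g. `// #nosec G101 -- annotation name, not a credential`.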
|
||||||
|
|