DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
k8s-ci-robot 2021-12-06 13:47:38 +00:00
parent 8b9f431ba7
commit 9277a9288a
8 changed files with 57 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

2
user-guide/nginx-configuration/annotations/index.html
View file

@ -35,7 +35,7 @@
</code></pre></div> <h3 id=enable-access-log>Enable Access Log<a class=headerlink href=#enable-access-log title="Permanent link"></a></h3> <p>Access logs are enabled by default, but in some scenarios access logs might be required to be disabled for a given ingress. To do this, use the annotation:</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/enable-access-log</span><span class=p>:</span> <span class=s>&quot;false&quot;</span>
</code></pre></div> <h3 id=enable-rewrite-log>Enable Rewrite Log<a class=headerlink href=#enable-rewrite-log title="Permanent link"></a></h3> <p>Rewrite logs are not enabled by default. In some scenarios it could be required to enable NGINX rewrite logs. Note that rewrite logs are sent to the error_log file at the notice level. To enable this feature use the annotation:</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/enable-rewrite-log</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>
</code></pre></div> <h3 id=enable-opentracing>Enable Opentracing<a class=headerlink href=#enable-opentracing title="Permanent link"></a></h3> <p>Opentracing can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden to enable it or disable it for a specific ingress (e.g. to turn off tracing of external health check endpoints)</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/enable-opentracing</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>
</code></pre></div> <h3 id=opentracing-trust-incoming-span>Opentracing Trust Incoming Span<a class=headerlink href=#opentracing-trust-incoming-span title="Permanent link"></a></h3> <p>The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overriden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/opentracing-trust-incoming-span</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>
</code></pre></div> <h3 id=opentracing-trust-incoming-span>Opentracing Trust Incoming Span<a class=headerlink href=#opentracing-trust-incoming-span title="Permanent link"></a></h3> <p>The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/opentracing-trust-incoming-span</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>
</code></pre></div> <h3 id=x-forwarded-prefix-header>X-Forwarded-Prefix Header<a class=headerlink href=#x-forwarded-prefix-header title="Permanent link"></a></h3> <p>To add the non-standard <code>X-Forwarded-Prefix</code> header to the upstream request with a string value, the following annotation can be used:</p> <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/x-forwarded-prefix</span><span class=p>:</span> <span class=s>&quot;/path&quot;</span>
</code></pre></div> <h3 id=modsecurity>ModSecurity<a class=headerlink href=#modsecurity title="Permanent link"></a></h3> <p><a href=http://modsecurity.org/ >ModSecurity</a> is an OpenSource Web Application firewall. It can be enabled for a particular set of ingress locations. The ModSecurity module must first be enabled by enabling ModSecurity in the <a href=../configmap/#enable-modsecurity>ConfigMap</a>. Note this will enable ModSecurity for all paths, and each path must be disabled manually.</p> <p>It can be enabled using the following annotation: <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/enable-modsecurity</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>
</code></pre></div> ModSecurity will run in "Detection-Only" mode using the <a href=https://github.com/SpiderLabs/ModSecurity/blob/v3/master/modsecurity.conf-recommended>recommended configuration</a>.</p> <p>You can enable the <a href=https://www.modsecurity.org/CRS/Documentation/ >OWASP Core Rule Set</a> by setting the following annotation: <div class=highlight><pre><span></span><code><span class=nt>nginx.ingress.kubernetes.io/enable-owasp-core-rules</span><span class=p>:</span> <span class=s>&quot;true&quot;</span>