DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement pathType validation (#9511)

Browse source
This commit is contained in:
Ricardo Katz 2023-01-16 23:51:23 -03:00 committed by GitHub
parent e6dcd6845e
commit da98c744b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 373 additions and 207 deletions
Download patch file Download diff file Expand all files Collapse all files

1
charts/ingress-nginx/README.md
View file

@ -311,6 +311,7 @@ Kubernetes: `>=1.20.0-0`
| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
| controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | |
| controller.disablePathTypeValidation | bool | `false` | This configuration defines if Ingress Controller should validate pathType. If this is true, special characters will be allowed on paths of any pathType. If false, special characters are only allowed on paths with pathType = ImplementationSpecific |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |

1
charts/ingress-nginx/templates/controller-configmap.yaml
View file

@ -14,6 +14,7 @@ metadata:
namespace: {{ .Release.Namespace }}
data:
allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
disable-pathtype-validation: "{{ .Values.controller.disablePathTypeValidation }}"
{{- if .Values.controller.addHeaders }}
add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
{{- end }}

5
charts/ingress-nginx/values.yaml
View file

@ -87,6 +87,11 @@ controller:
# Global snippets in ConfigMap are still respected
allowSnippetAnnotations: true
# -- This configuration defines if Ingress Controller should validate pathType.
# If this is true, special characters will be allowed on paths of any pathType. If
# false, special characters are only allowed on paths with pathType = ImplementationSpecific
disablePathTypeValidation: false
# -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged