DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix the gosec test and a make target for it

Browse source
This commit is contained in:
James Strong 2022-06-15 13:19:30 -04:00
parent 902c9dbee8
commit f5d3ab4505
No known key found for this signature in database
GPG key ID: 11048BF1C893BC89
3 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/ingress/controller/nginx.go
View file

@ -110,9 +110,11 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro
if n.cfg.ValidationWebhook != "" {
n.validationWebhookServer = &http.Server{
Addr: config.ValidationWebhook,
Handler: adm_controller.NewAdmissionControllerServer(&adm_controller.IngressAdmission{Checker: n}),
TLSConfig: ssl.NewTLSListener(n.cfg.ValidationWebhookCertPath, n.cfg.ValidationWebhookKeyPath).TLSConfig(),
Addr: config.ValidationWebhook,
//G112 (CWE-400): Potential Slowloris Attack
ReadHeaderTimeout: 10 * time.Second,
Handler: adm_controller.NewAdmissionControllerServer(&adm_controller.IngressAdmission{Checker: n}),
TLSConfig: ssl.NewTLSListener(n.cfg.ValidationWebhookCertPath, n.cfg.ValidationWebhookKeyPath).TLSConfig(),
// disable http/2
// https://github.com/kubernetes/kubernetes/issues/80313
// https://github.com/kubernetes/ingress-nginx/issues/6323#issuecomment-737239159