From 906f9a5f15e1647c00d489076b40ece780bb98d2 Mon Sep 17 00:00:00 2001 From: "Ritchie, Frank (fr801x)" Date: Mon, 29 Jan 2024 10:58:42 -0500 Subject: [PATCH] Change pathtype to prefix Due to cve-2022-4886 the default pathType for an ingress should be either "Exact" or "Prefix". This allows for more strict path validation by the admission controller. Change-Id: I1089bd5c893685fe3b2bcd6868da2f2b761e144f --- charts/maas/templates/ingress-region.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/maas/templates/ingress-region.yaml b/charts/maas/templates/ingress-region.yaml index 939898c..d32a907 100644 --- a/charts/maas/templates/ingress-region.yaml +++ b/charts/maas/templates/ingress-region.yaml @@ -28,28 +28,28 @@ spec: paths: {{- if .Values.conf.maas.ingress_disable_gui }} - path: /MAAS/api - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} port: name: region-api - path: /MAAS/images-stream - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} port: name: region-api - path: /MAAS/metadata - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} port: name: region-api - path: /MAAS/rpc - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -57,7 +57,7 @@ spec: name: region-api {{- else }} - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}