summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Hussey <sh8121@att.com>2019-01-18 15:55:45 -0600
committerScott Hussey <sh8121@att.com>2019-02-04 11:25:44 -0600
commita833b682db38b5c9bfcd5f528faabd7aa8862b48 (patch)
tree921a5621ed1a77ce99a9c67e89c40d24044c4255
parent7f50e96ff37cbfd95611066eded6a715509b4e7e (diff)
(security) Optionally only allow MAAS api access
- MAAS does not allow you to turn off the gui which may be desired in some scenarios. Use Ingress rules to do so optionally. Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
Notes
Notes (review): Code-Review+1: Smruti Soumitra Khuntia <sk698p@att.com> Code-Review+1: Rick Bartra <rb560u@att.com> Code-Review+1: Dan Crank <dan.no@att.com> Code-Review+2: Sean Eagan <sean.eagan@att.com> Code-Review+1: diwakar thyagaraj <dt241s@att.com> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+1: Vladyslav Drok <vdrok@mirantis.com> Code-Review+1: Michael Beaver <michaelbeaver64@gmail.com> Code-Review+2: Matt McEuen <matt.mceuen@att.com> Workflow+1: Matt McEuen <matt.mceuen@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 28 Feb 2019 18:58:40 +0000 Reviewed-on: https://review.openstack.org/631892 Project: openstack/airship-maas Branch: refs/heads/master
-rw-r--r--charts/maas/templates/ingress-region.yaml4
-rw-r--r--charts/maas/values.yaml1
2 files changed, 5 insertions, 0 deletions
diff --git a/charts/maas/templates/ingress-region.yaml b/charts/maas/templates/ingress-region.yaml
index 9801fae..089f97f 100644
--- a/charts/maas/templates/ingress-region.yaml
+++ b/charts/maas/templates/ingress-region.yaml
@@ -27,7 +27,11 @@ spec:
27 - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} 27 - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
28 http: 28 http:
29 paths: 29 paths:
30{{- if .Values.conf.maas.ingress_disable_gui }}
31 - path: /MAAS/api
32{{- else }}
30 - path: / 33 - path: /
34{{- end }}
31 backend: 35 backend:
32 serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} 36 serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
33 servicePort: region-api 37 servicePort: region-api
diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml
index 7be752f..f475f43 100644
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@@ -154,6 +154,7 @@ conf:
154 override: 154 override:
155 append: 155 append:
156 http_boot: true 156 http_boot: true
157 ingress_disable_gui: false
157 ntp: 158 ntp:
158 # These options allow you to mock out the ntpd binary within the container 159 # These options allow you to mock out the ntpd binary within the container
159 # by overwriting it with a script that simply sleeps - this is useful in 160 # by overwriting it with a script that simply sleeps - this is useful in