deploy(tenant): add bluejay.dev edge controls
This commit is contained in:
Andrew Stoltz
@@ -11,8 +11,18 @@
|
|||||||
],
|
],
|
||||||
"routes": [
|
"routes": [
|
||||||
{
|
{
|
||||||
"kind": "Rule",
|
"kind": "Rule",
|
||||||
"match": "Host(`bluejay.dev`) || Host(`www.bluejay.dev`)",
|
"match": "Host(`bluejay.dev`) || Host(`www.bluejay.dev`)",
|
||||||
|
"middlewares": [
|
||||||
|
{
|
||||||
|
"name": "andrew-tenant-rate-limit",
|
||||||
|
"namespace": "fc-tenant-andrew"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "andrew-tenant-secure-headers",
|
||||||
|
"namespace": "fc-tenant-andrew"
|
||||||
|
}
|
||||||
|
],
|
||||||
"priority": 100,
|
"priority": 100,
|
||||||
"services": [
|
"services": [
|
||||||
{
|
{
|
||||||
@@ -21,9 +31,13 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"tls": {
|
"tls": {
|
||||||
"secretName": "cf-origin-bluejay-dev"
|
"options": {
|
||||||
}
|
"name": "andrew-tenant-tls13",
|
||||||
}
|
"namespace": "fc-tenant-andrew"
|
||||||
}
|
},
|
||||||
|
"secretName": "cf-origin-bluejay-dev"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,15 @@
|
|||||||
|
{
|
||||||
|
"apiVersion": "traefik.io/v1alpha1",
|
||||||
|
"kind": "Middleware",
|
||||||
|
"metadata": {
|
||||||
|
"name": "andrew-tenant-rate-limit",
|
||||||
|
"namespace": "fc-tenant-andrew"
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"rateLimit": {
|
||||||
|
"average": 120,
|
||||||
|
"burst": 240,
|
||||||
|
"period": "1m"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
{
|
||||||
|
"apiVersion": "traefik.io/v1alpha1",
|
||||||
|
"kind": "Middleware",
|
||||||
|
"metadata": {
|
||||||
|
"name": "andrew-tenant-secure-headers",
|
||||||
|
"namespace": "fc-tenant-andrew"
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"headers": {
|
||||||
|
"contentTypeNosniff": true,
|
||||||
|
"browserXssFilter": true,
|
||||||
|
"referrerPolicy": "strict-origin-when-cross-origin",
|
||||||
|
"stsSeconds": 31536000,
|
||||||
|
"stsIncludeSubdomains": true,
|
||||||
|
"stsPreload": false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
"apiVersion": "traefik.io/v1alpha1",
|
||||||
|
"kind": "TLSOption",
|
||||||
|
"metadata": {
|
||||||
|
"name": "andrew-tenant-tls13",
|
||||||
|
"namespace": "fc-tenant-andrew"
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"minVersion": "VersionTLS13"
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1110,9 +1110,10 @@ public sealed class FleetManifestLintTests
|
|||||||
servicePort.GetProperty("targetPort").GetInt32().Should().Be(8080);
|
servicePort.GetProperty("targetPort").GetInt32().Should().Be(8080);
|
||||||
|
|
||||||
using var ingressRoute = JsonDocument.Parse(File.ReadAllText(Path.Combine(appRoot, "ingressroute-andrew-web.json")));
|
using var ingressRoute = JsonDocument.Parse(File.ReadAllText(Path.Combine(appRoot, "ingressroute-andrew-web.json")));
|
||||||
var serviceRef = ingressRoute.RootElement
|
var route = ingressRoute.RootElement
|
||||||
.GetProperty("spec")
|
.GetProperty("spec")
|
||||||
.GetProperty("routes")[0]
|
.GetProperty("routes")[0];
|
||||||
|
var serviceRef = route
|
||||||
.GetProperty("services")
|
.GetProperty("services")
|
||||||
.EnumerateArray()
|
.EnumerateArray()
|
||||||
.Should()
|
.Should()
|
||||||
@@ -1120,6 +1121,31 @@ public sealed class FleetManifestLintTests
|
|||||||
.Subject;
|
.Subject;
|
||||||
serviceRef.GetProperty("name").GetString().Should().Be("andrew-web-waf");
|
serviceRef.GetProperty("name").GetString().Should().Be("andrew-web-waf");
|
||||||
serviceRef.GetProperty("port").GetInt32().Should().Be(8080);
|
serviceRef.GetProperty("port").GetInt32().Should().Be(8080);
|
||||||
|
|
||||||
|
route.GetProperty("middlewares")
|
||||||
|
.EnumerateArray()
|
||||||
|
.Select(item => item.GetProperty("name").GetString())
|
||||||
|
.Should()
|
||||||
|
.Equal("andrew-tenant-rate-limit", "andrew-tenant-secure-headers");
|
||||||
|
|
||||||
|
using var rateLimit = JsonDocument.Parse(File.ReadAllText(Path.Combine(appRoot, "middleware-andrew-tenant-rate-limit.json")));
|
||||||
|
rateLimit.RootElement.GetProperty("spec").GetProperty("rateLimit").GetProperty("average").GetInt32().Should().Be(120);
|
||||||
|
|
||||||
|
using var headers = JsonDocument.Parse(File.ReadAllText(Path.Combine(appRoot, "middleware-andrew-tenant-secure-headers.json")));
|
||||||
|
var headerSpec = headers.RootElement.GetProperty("spec").GetProperty("headers");
|
||||||
|
headerSpec.GetProperty("contentTypeNosniff").GetBoolean().Should().BeTrue();
|
||||||
|
headerSpec.GetProperty("stsSeconds").GetInt32().Should().Be(31536000);
|
||||||
|
|
||||||
|
using var tlsOption = JsonDocument.Parse(File.ReadAllText(Path.Combine(appRoot, "tlsoption-andrew-tenant-tls13.json")));
|
||||||
|
tlsOption.RootElement.GetProperty("spec").GetProperty("minVersion").GetString().Should().Be("VersionTLS13");
|
||||||
|
ingressRoute.RootElement
|
||||||
|
.GetProperty("spec")
|
||||||
|
.GetProperty("tls")
|
||||||
|
.GetProperty("options")
|
||||||
|
.GetProperty("name")
|
||||||
|
.GetString()
|
||||||
|
.Should()
|
||||||
|
.Be("andrew-tenant-tls13");
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|||||||
Reference in New Issue
Block a user