Skip to content

Commit

Permalink
Merge pull request #91 from SmartColumbusOS/waf
Browse files Browse the repository at this point in the history 
waf arn annotation added to ingress
  • Loading branch information
@kcarra
kcarra authored Sep 15, 2020
2 parents 204dbc8 + b6aca4a commit 0d81921
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions Jenkinsfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ def deployUiTo(params = [:]) {
def ingressScheme = internal ? 'internal' : 'internet-facing'
def dnsZone = terraformOutputs.internal_dns_zone_name.value
def rootDnsZone = terraformOutputs.root_dns_zone_name.value
def wafARN = terraformOutputs.eks_cluster_waf_acl_arn.value

sh("""#!/bin/bash
set -e
Expand All @@ -93,6 +94,7 @@ def deployUiTo(params = [:]) {
--set ingress.dnsZone="${dnsZone}" \
--set ingress.rootDnsZone="${rootDnsZone}" \
--set ingress.certificateARN="${certificateARNs}" \
--set ingress.wafARN="${wafARN}" \
--set image.tag="${env.GIT_COMMIT_HASH}"
""".trim())
}
Expand Down
1 change: 1 addition & 0 deletions chart/templates/ingress.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ metadata:
alb.ingress.kubernetes.io/actions.redirect: '{"Type": "redirect", "RedirectConfig":{"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
alb.ingress.kubernetes.io/wafv2-acl-arn: {{ .Values.ingress.wafARN }}
spec:
backend:
serviceName: {{ .Chart.Name }}
Expand Down
1 change: 1 addition & 0 deletions chart/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ ingress:
subnets: ""
securityGroups: ""
certificateARN: ""
wafARN: ""
dnsZone: "localhost"
rootDnsZone: "localhost"
service:
Expand Down

0 comments on commit 0d81921

Please sign in to comment.