Browse Source

(security) Optionally only allow MAAS api access

- MAAS does not allow you to turn off the gui which
  may be desired in some scenarios. Use Ingress rules
  to do so optionally.

Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
changes/92/631892/2
Scott Hussey 4 months ago
parent
commit
a833b682db
2 changed files with 5 additions and 0 deletions
  1. 4
    0
      charts/maas/templates/ingress-region.yaml
  2. 1
    0
      charts/maas/values.yaml

+ 4
- 0
charts/maas/templates/ingress-region.yaml View File

@@ -27,7 +27,11 @@ spec:
27 27
     - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
28 28
       http:
29 29
         paths:
30
+{{- if .Values.conf.maas.ingress_disable_gui }}
31
+          - path: /MAAS/api
32
+{{- else }}
30 33
           - path: /
34
+{{- end }}
31 35
             backend:
32 36
               serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
33 37
               servicePort: region-api

+ 1
- 0
charts/maas/values.yaml View File

@@ -154,6 +154,7 @@ conf:
154 154
     override:
155 155
     append:
156 156
     http_boot: true
157
+    ingress_disable_gui: false
157 158
     ntp:
158 159
       # These options allow you to mock out the ntpd binary within the container
159 160
       # by overwriting it with a script that simply sleeps - this is useful in

Loading…
Cancel
Save