(security) Optionally only allow MAAS api access

- MAAS does not allow you to turn off the gui which may be desired in some scenarios. Use Ingress rules to do so optionally. Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
2019-01-18 15:55:45 -06:00 · 2019-01-18 15:55:45 -06:00 · a833b682db
commit a833b682db
parent 7f50e96ff3
2 changed files with 5 additions and 0 deletions
--- a/charts/maas/templates/ingress-region.yaml
+++ b/charts/maas/templates/ingress-region.yaml
@ -27,7 +27,11 @@ spec:
    - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
      http:
        paths:
+{{- if .Values.conf.maas.ingress_disable_gui }}
+          - path: /MAAS/api
+{{- else }}
          - path: /
+{{- end }}
            backend:
              serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
              servicePort: region-api
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -154,6 +154,7 @@ conf:
    override:
    append:
    http_boot: true
+    ingress_disable_gui: false
    ntp:
      # These options allow you to mock out the ntpd binary within the container
      # by overwriting it with a script that simply sleeps - this is useful in