Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Route security management by end user
Add a new route annotation "haproxy.router.openshift.io/ip_whitelist" that specifies a space separated list of white listed source IP addresses and/or CIDRs. Requests from IP addresses that are not in the whitelist are dropped. When the annotation is present for a route a acl is set up in the backend with the whitelist. This PR addresses issue #13709 Some examples: When editing a route add the following annotation to define the desired source ip's. 1) allow only one ip haproxy.router.openshift.io/whitelist: 192.168.1.10 2) several ip's haproxy.router.openshift.io/whitelist: 192.168.1.10 192.168.1.11 192.168.1.12 3) ip ranges haproxy.router.openshift.io/whitelist: 192.168.1.0/24 4) ip's and ranges haproxy.router.openshift.io/whitelist: 180.5.61.153 192.168.1.0/24 10.0.0.0/8 Trello: TbZPhHKE Route security management by end user https://trello.com/c/TbZPhHKE/ Bug: 1426562 https://bugzilla.redhat.com/show_bug.cgi?id=1426562 Committer: pcameron@redhat.com Author: aranda@redhat.com
- Loading branch information