From 5312d792edb04a87ba7cbc84d0d2d8aa6dec1ec7 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 16 Aug 2021 17:49:14 +0200
Subject: [PATCH] feat(shields): Add HSTS annotation
This patch enables HSTS on the endpoint. This should make sure that
browsers enforce HTTPS in all cases.
Reference:
https://docs.openshift.com/container-platform/4.7/networking/routes/route-configuration.html#nw-enabling-hsts_route-configuration
---
apps/okd4/shivering-isles/shields/release.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/okd4/shivering-isles/shields/release.yaml b/apps/okd4/shivering-isles/shields/release.yaml
index 7db0a2afe..3655a9a46 100644
--- a/apps/okd4/shivering-isles/shields/release.yaml
+++ b/apps/okd4/shivering-isles/shields/release.yaml
@@ -25,6 +25,8 @@ spec:
- secretName: shields-tls
hosts:
- ENC[AES256_GCM,data:OnxFByf2gKWQnQNXZX26l15tqWHX3gCvzxnz,iv:sNtQZGxwrw1KWorVbNcxfwQ44DpSzspKRPqmayuWi98=,tag:oVkTWCIzefqyUaqwo2uzJQ==,type:str]
+ annotations:
+ haproxy.router.openshift.io/hsts_header: max-age=31536000
imagestream:
enabled: true
sops:
@@ -33,8 +35,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2021-08-16T13:35:36Z"
- mac: ENC[AES256_GCM,data:Wdl7lhpoaiNlcuAbxK64BlEDKrDanAlEQFAcFhtHg2elrdOjzIJ6coeDNFm46amEE1OyY+JNRE+PtNjEP2OVpTFjbuTls/AQIQFFVOYDRDzfNXZOIj7WbVBIfoJrfzLJrbmvqdGkANeGp0AAXJ4Qjh+GqZuAMwqra7EtsX4Nio0=,iv:8EM5HBc1aPBQ9o7Wgs3GbnV+wXSj8ZQu4/ED9+iL/Zo=,tag:rj8EwxuEZ7qWlvbQXohD5w==,type:str]
+ lastmodified: "2021-08-16T15:49:07Z"
+ mac: ENC[AES256_GCM,data:hGV0bJXgTDcF9PhcGisCqQPkykxCxIj8Z23OsnSeQqHQzUwR1Ca4tGAyX2iTSiKGwLAff8WyYN1E8cZf4OGiLT/SrTodi3dcch+Rj60blOoPKmn3olQVIGgeuJ1FFcpvjE18lZr58V9qPxYefeb+6MOsYxXm3TAQMwjl6EMFF0U=,iv:t3PhBJr4ppkz0r4ueRuUs2oMzfF4s1o7o2yWayGo0XQ=,tag:RT0HGnQMpYzWDnY3jbAsww==,type:str]
pgp:
- created_at: "2021-08-15T21:22:17Z"
enc: |
--
GitLab