From 8586239a60c87210af704d1ba7bf1a11664bc191 Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Sun, 31 Dec 2023 04:00:13 +0100 Subject: [PATCH] chore(monitoring): Restrict access to monitoring to VPN --- clusters/k8s01/monitoring/ingress.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/clusters/k8s01/monitoring/ingress.yaml b/clusters/k8s01/monitoring/ingress.yaml index 17681e5e9..22ab51cc9 100644 --- a/clusters/k8s01/monitoring/ingress.yaml +++ b/clusters/k8s01/monitoring/ingress.yaml @@ -7,6 +7,7 @@ metadata: nginx.ingress.kubernetes.io/auth-response-headers: Authorization nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri + nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/24 spec: rules: - host: ENC[AES256_GCM,data:k1mCBDKYvRLLC489r7yvk9PRDsQh5IgUpOaOfdhpQCwUNN8=,iv:AuBQnC2duZJM5/aYASq6gcovFPhECGk9EWjMaBgeRzQ=,tag:VdMb/Rn54dWpbDjxbEjPvA==,type:str] -- GitLab