ministryofjustice/Claim-for-Crown-Court-Defence

View on GitHub
.k8s/live/dev-lgfs/ingress.yaml

Summary

Maintainability
Test Coverage
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/set-identifier: cccd-app-ingress-v1-cccd-dev-lgfs-green
    external-dns.alpha.kubernetes.io/aws-weight: "100"
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleRemoveById 920120
      SecRuleEngine On
      SecRequestBodyLimit 29360128
      SecDefaultAction "phase:2,pass,log,tag:github_team=crime-billing-online"
      SecAction "id:900110,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=6"
      SecAction "id:900200,phase:1,nolog,pass,t:none,setvar:tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE"
      SecRuleRemoveById 200002
      SecRuleRemoveById 200003
      SecRule REQUEST_URI "@contains /messages" "id:1000,phase:2,pass,nolog,ctl:ruleRemoveById=921110,ctl:ruleRemoveById=933210"
    nginx.ingress.kubernetes.io/server-snippet: |
      deny 116.204.211.188;
      deny 94.154.188.130;
      if ($http_spider_name ~* "crawlergo") {
        return 403;
      }
  name: cccd-app-ingress-v1
  namespace: cccd-dev-lgfs
spec:
  ingressClassName: modsec
  rules:
    - host: dev-lgfs.claim-crown-court-defence.service.justice.gov.uk
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: cccd-app-service
                port:
                  number: 80
    - host: dev-clar.claim-crown-court-defence.service.justice.gov.uk
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: cccd-app-service
                port:
                  number: 80
  tls:
    - hosts:
      - dev-lgfs.claim-crown-court-defence.service.justice.gov.uk
      - dev-clar.claim-crown-court-defence.service.justice.gov.uk
      secretName: cccd-dev-lgfs-cert