Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • 1027-fine-tune-container-memory-requests
  • 1196-update-to-nc-23
  • ci_on_renovate_updates
  • 1175-update-k3s
  • 1175-update-flux
  • move-vps-termination-to-own-job
  • v0.8
  • v0.7
  • 1058-dependency-image-proxy-is-not-used-in-ci-anymore
  • oas-gh.greenhost.net
  • v0.6
  • arie-test-backups
  • 0.8.0
  • 0.7.0
  • 0.1.0
  • 0.6.0
  • 0.5.0
  • 0.4.0
  • 0.3.1
  • 0.3.0
  • 0.2.2
  • 0.2.1
  • 0.2.0
24 results
Blame History Permalink
Forked from stackspin / stackspin
4707 commits behind the upstream repository.
security.rst 1.11 KiB

Security

Access control

By default, the applications on your OAS cluster will be exposed to the whole internet (although they are password protected).

If you like to limit who can access your cluster resources you can configure the OAS ingress (ingress-nginx) to only accept connections from a certain IP address or range.

Follow the :ref:`customizing:Customize OAS applications` instructions, but use the following secret as install/overrides/oas-nginx-override.yml and apply the secret in the oas namespace instead of oas-apps. Replace the source range with the IP address ranges you want to allow.

---
apiVersion: v1
kind: secret
metadata:
  name: oas-nginx-override
data:
  values.yaml: |
    controller:
      config:
        # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range
        # comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.
        whitelist-source-range: 1.2.3.4/24