This repository was archived by the owner on Aug 6, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathingress-real-world-example.yaml
83 lines (83 loc) · 2.19 KB
/
ingress-real-world-example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# We are allowing 10 requests per second per IP address.
"guardgress/limit-period": "10-S"
# The following IP addresses are allowed to bypass the rate limit.
"guardgress/limit-ip-whitelist": "127.0.0.1,127.0.0.2"
# The following paths are allowed to bypass the rate limit.
"guardgress/limit-path-whitelist": "/shop/products,/shop/checkout"
name: shop
namespace: default
spec:
ingressClassName: guardgress
rules:
- host: shop.guardgress.com
http:
paths:
- backend:
service:
name: shop
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- shop.guardgress.com
secretName: shop-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# Only allow the following IP addresses to access the admin dashboard.
"guardgress/whitelist-ip-source-range": "192.168.1.0/8,192.170.1.0/8"
name: shop
namespace: default
spec:
ingressClassName: guardgress
rules:
- host: shop.guardgress.com
http:
paths:
- backend:
service:
name: shop
port:
number: 8080
path: /admin
pathType: Exact
tls:
- hosts:
- shop.guardgress.com
secretName: shop-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# The following user agents are blocked on the product routes.
"guardgress/user-agent-blacklist": "curl/7.64.*,curl/7.65.*"
# The following JA3,JA4 fingerprints are blocked on the product routes.
"guardgress/tls-fingerprint-blacklist": "d41d8cd98f00b204e9800998ecf8427a,t13d1715h2_5b57614c22b0_93c746dc12af"
name: shop
namespace: default
spec:
ingressClassName: guardgress
rules:
- host: shop.guardgress.com
http:
paths:
- backend:
service:
name: shop
port:
number: 8080
path: /products/
pathType: Prefix
tls:
- hosts:
- shop.guardgress.com
secretName: shop-tls