Merge pull request #36 from mlibrary/asc-47-restrict-staff-routes

Add allow-list annotation to base `route-staff.yaml` (ASC-47)
mlibrary · Dec 6, 2023 · bec34bf · bec34bf
2 parents 9e70534 + 2c810cb
commit bec34bf
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/k8s/base-with-cert/app/route-staff.yaml b/k8s/base-with-cert/app/route-staff.yaml
@@ -1,4 +1,6 @@
-- op: add
-  path: /metadata/annotations
-  value:
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: aspace-staff
+  annotations:
     cert-utils-operator.redhat-cop.io/certs-from-secret: cert-secret
diff --git a/k8s/base-with-cert/kustomization.yaml b/k8s/base-with-cert/kustomization.yaml
@@ -5,7 +5,3 @@ resources:
 - app/cert.yaml
 patches:
 - path: app/route-staff.yaml
-  target:
-    kind: Route
-    name: aspace-staff
-    version: v1
diff --git a/k8s/base/app/route-staff.yml b/k8s/base/app/route-staff.yml
@@ -4,6 +4,10 @@ metadata:
   labels:
     service: aspace
   name: aspace-staff
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: >-
+      35.1.0.0/16 35.2.0.0/16 35.3.0.0/16 35.4.0.0/16 35.5.0.0/16 35.7.0.0/18
+      35.7.128.0/18 141.211.0.0/16 141.213.128.0/17
 spec:
   # host: something.something.umich.edu
   port: