diff --git a/charts/ingress-nginx.yaml b/charts/ingress-nginx.yaml
index 16faf24c84..81a44660e4 100644
--- a/charts/ingress-nginx.yaml
+++ b/charts/ingress-nginx.yaml
@@ -1,6 +1,9 @@
controller:
allowSnippetAnnotations: true
+ config:
+ custom-http-errors: "403,404,500,503"
+
image:
digest: null
repository: __image__(nginx-ingress-controller)
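Review bot: `custom-http-errors: "403,404,500,503"` makes NGINX intercept those statuses and hand them to the default backend, but the last hunk of this file still shows `defaultBackend` with `enabled: false` as context. If that stays, the controller's built-in fallback answers instead, and as far as I know it returns a plain 404 for every request, which would mask upstream 500/503 responses. Either enable a default backend that serves the custom pages and honours the `X-Code` header, or drop the setting until one exists. The `controller:` mapping continues outside this hunk, so the rest of its configuration is not visible here.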
@@ -19,12 +22,12 @@ controller:
kind: DaemonSet
tolerations:
- - key: "node-role.kubernetes.io/bootstrap"
- operator: "Exists"
- effect: "NoSchedule"
- - key: "node-role.kubernetes.io/infra"
- operator: "Exists"
- effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/bootstrap"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/infra"
+ operator: "Exists"
+ effect: "NoSchedule"
service:
type: ClusterIP
@@ -43,3 +46,24 @@ controller:
defaultBackend:
enabled: false
+ extraConfigMaps:
+ - name: cis
+ labels:
+ type: hardening
+ data:
+ keep-alive: '10'
+ hide-headers: 'Server,X-Powered-By'
+ ssl-protocols: 'TLSv1.3'
+ ssl-ciphers: 'ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!SSLv3:!MD5:!RC4'
+ enable-ocsp: 'true'
+ client-header-timeout: '10'
+ client-body-timeout: '10'
+ - name: custom-404.html
+ labels:
+ type: custom-404
+ data:
+ custom-404.html: |
+
+
Page Not Found
+ 404 - Page Not Found
+
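Review bot: The hardening keys under `extraConfigMaps` / `cis` land in a separate ConfigMap, and nothing in this diff shows the controller reading it; ingress-nginx takes these options from its own ConfigMap, so they probably belong under `controller.config` next to `custom-http-errors`. Separately, `ssl-ciphers: 'ALL:!EXP:...'` starts from `ALL` and subtracts, which still admits static-RSA (non-forward-secret) key exchange, and it differs from the `EECDH:EDH:...` list added in `ingress-controller.yaml.j2`. With `ssl-protocols: 'TLSv1.3'` alone the list is moot anyway, since NGINX's `ssl_ciphers` does not select TLS 1.3 suites; keep one explicit allow-list in both files or remove the key. The `custom-404.html` body appears to have lost its markup in this view, so it cannot be checked here.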
diff --git a/salt/metalk8s/addons/nginx-ingress/config/ingress-controller.yaml.j2 b/salt/metalk8s/addons/nginx-ingress/config/ingress-controller.yaml.j2
index 2aa5243d7d..5670116298 100644
--- a/salt/metalk8s/addons/nginx-ingress/config/ingress-controller.yaml.j2
+++ b/salt/metalk8s/addons/nginx-ingress/config/ingress-controller.yaml.j2
@@ -6,3 +6,37 @@ kind: IngressControllerConfig
spec:
config:
allow-snippet-annotations: 'true'
+ keep-alive: '10'
+ hide-headers: 'Server,X-Powered-By'
+ ssl-protocols: 'TLSv1.3'
+ ssl-ciphers: 'EECDH:EDH:!NULL:!SSLv2:!RC4:!aNULL:!3DES:!IDEA'
+ client-header-timeout: '10'
+ client-body-timeout: '10'
+ proxy-body-size: '10m'
+ large-client-header-buffers: '2 1k'
+ enable-brotli: 'true'
+ brotli-level: '6'
+ 403: |
+
+
+ FORBIDDEN
+ FORBIDDEN
+
+ 404: |
+
+
+ PAGE NOT FOUND
+ PAGE NOT FOUND
+
+ 500: |
+
+
+ INTERNAL SERVER ERROR
+ INTERNAL SERVER ERROR
+
+ 503: |
+
+
+ CUSTOM SERVICE UNAVAILABLE
+ CUSTOM SERVICE UNAVAILABLE
+
\ No newline at end of file
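Review bot: The keys `403:`, `404:`, `500:` and `503:` are unquoted, so YAML loads them as integers, and they sit in `spec.config` beside NGINX options; if this mapping is rendered into the controller ConfigMap (not visible here), the keys must be strings and, as far as I know, are not options the controller recognises. The error pages would be better carried in their own ConfigMap and served by a default backend. `large-client-header-buffers: '2 1k'` is also far below NGINX's default of `4 8k`, so requests with ordinary cookies or bearer tokens may be rejected with 400 or 414. The file now ends without a trailing newline.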
diff --git a/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls b/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls
index e62d8062ba..da6b424183 100644
--- a/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls
+++ b/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls
@@ -439,6 +439,10 @@ kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: 'true'
+ nginx.ingress.kubernetes.io/limit-connections: '10'
+ nginx.ingress.kubernetes.io/limit-rps: '10'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ add_header Referrer-Policy 'no-referrer';
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
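Review bot: The three `nginx.ingress.kubernetes.io/*` annotations are added to the `IngressClass` metadata, but the controller reads these annotations from `Ingress` objects, so as written they most likely have no effect. If cluster-wide defaults are the goal, the header can be set through the controller ConfigMap (for example `add-headers`) and the limits applied per Ingress. `configuration-snippet` only works because `allow-snippet-annotations` is left at `'true'`, which lets anyone who can create an Ingress inject NGINX directives; moving the header to the ConfigMap would allow that to be switched off. If `chart.sls` is rendered from `charts/ingress-nginx.yaml`, a hand edit here would be lost on the next render; the IngressClass document itself starts and ends outside this hunk.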