starlingx/nginx-ingress-controller-armada-app
Code Issues Proposed changes

Merge "Mitigate CVE-2022-4886 and CVE-2023-5044"

Browse Source
This commit is contained in:
Zuul 2023-11-16 21:55:59 +00:00 committed by Gerrit Code Review
commit d90689df7f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/fluxcd-manifests/ingress-nginx/ingress-nginx-static-overrides.yaml
View File

@ -6,6 +6,8 @@
imagePullSecrets: [{"name": "default-registry-key"}] imagePullSecrets: [{"name": "default-registry-key"}]
controller: controller:
# This fixes CVE-2023-5044: https://github.com/kubernetes/ingress-nginx/issues/10572
enableAnnotationValidations: true
kind: DaemonSet kind: DaemonSet
image: image:
# cleans the default digest value since sysinv changes the digest when pushing the image to the local registry # cleans the default digest value since sysinv changes the digest when pushing the image to the local registry
@ -23,6 +25,8 @@ controller:
# See https://bugs.launchpad.net/starlingx/+bug/1823803 # See https://bugs.launchpad.net/starlingx/+bug/1823803
# Note quotes are necessary. # Note quotes are necessary.
worker-processes: '1' worker-processes: '1'
# This fixes CVE-2022-4886: https://github.com/kubernetes/ingress-nginx/issues/10570
strict-validate-path-type: true
scope: scope:
enabled: false enabled: false
service: service: