From 06e00a505ebd7b9c041451fa4423a1dc8ab15593 Mon Sep 17 00:00:00 2001 From: Michael Kotten Date: Thu, 30 Nov 2023 16:42:01 +0100 Subject: [PATCH] Adds security config for dashboard (https://github.com/apache/apisix-helm-chart/issues/673) --- charts/apisix-dashboard/templates/configmap.yaml | 4 ++++ charts/apisix-dashboard/values.yaml | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/charts/apisix-dashboard/templates/configmap.yaml b/charts/apisix-dashboard/templates/configmap.yaml index e5511954..ebaf2054 100644 --- a/charts/apisix-dashboard/templates/configmap.yaml +++ b/charts/apisix-dashboard/templates/configmap.yaml @@ -54,6 +54,10 @@ data: access_log: file_path: {{ .accessLog.filePath }} {{- end }} + {{- if .security }} + security: + {{- toYaml .security | nindent 6 }} + {{- end }} {{- end }} {{- with .Values.config.authentication }} authentication: diff --git a/charts/apisix-dashboard/values.yaml b/charts/apisix-dashboard/values.yaml index 2f0d89b2..a6c24c8d 100644 --- a/charts/apisix-dashboard/values.yaml +++ b/charts/apisix-dashboard/values.yaml @@ -115,6 +115,14 @@ config: accessLog: # -- Error log path filePath: /dev/stdout + security: {} + # access_control_allow_origin: http://httpbin.org + # access_control_allow_credentials: true # support using custom cors configration + # access_control_allow_headers: "Authorization" + # access_control-allow_methods: "*" + # x_frame_options: "deny" + # content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel. + # -- Overrides plugins in the APISIX Dashboard conf plugins: [] authentication: