Support for AWS WAF

uc-cdis · Jun 27, 2024 · 93cfcaa · 93cfcaa
1 parent fbb69c9
commit 93cfcaa
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/helm/revproxy/templates/ingress_aws.yaml b/helm/revproxy/templates/ingress_aws.yaml
@@ -11,6 +11,9 @@ metadata:
     alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
     alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
     alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04
+    {{- if .Values.global.aws.wafv2.enabled }}
+    alb.ingress.kubernetes.io/wafv2-acl-arn: {{ .Values.global.aws.wafv2.wafAclArn }}
+    {{- end }}
 spec:
   ingressClassName: alb
   rules:

diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml
@@ -16,6 +16,12 @@ global:
     awsAccessKeyId:
     # -- (string) Credentials for AWS stuff.
     awsSecretAccessKey:
+    # -- (map) WAF configuration
+    wafv2:
+      # -- (bool) Set to true if using AWS WAFv2
+      enabled: false
+      # -- (string) ARN for the WAFv2 ACL.
+      wafAclArn:
   # -- (bool) Whether the deployment is for development purposes.
   dev: true