ContentSecurity
microgateway.airlock.com/v1alpha1
ContentSecurity specifies the options to secure an upstream web application with a Microgateway Engine container. Must be in same namespace as the protected Pod.
apiVersion: microgateway.airlock.com/v1alpha1
kind: ContentSecurity
metadata:
name: content-security-example
spec:
parserRef:
name: parser-example
limitsRef:
name: limits-example
headerRewritesRef:
name: header-rewrites-example
filter:
denyRulesRef:
name: deny-rules-example
apiProtection:
openAPIRef:
name: open-api-exampleapiVersion: microgateway.airlock.com/v1alpha1
kind: ContentSecurity
metadata:
name: default
spec:
filter: {}
apiProtection: {}ContentSecurity
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
metadata |
ObjectMeta | Refer to Kubernetes API documentation for fields of metadata |
yes | ||
| spec | object | Specifies the options to secure an upstream web application with a Microgateway Engine container. | no |
ContentSecurity.spec
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| apiProtection | object | APIProtection defines the relevant configurations to protect APIs. If undefined, default settings are applied, designed to work with most upstream web application services. | no | ||
| filter | object | Filter defines the set of filters, e.g. Airlock Deny Rules, to be applied to incoming requests to protect against various attack patterns. If undefined, default settings are applied, designed to work with most upstream web application services. | no | ||
| headerRewritesRef | object | HeaderRewritesRef selects the relevant HeaderRewrites. If undefined, default settings are applied, designed to work with most upstream web application services. | no | ||
| limitsRef | object | LimitsRef selects the relevant Limits configuration resource. If undefined, default settings are applied, designed to work with most upstream web application services. | no | ||
| parserRef | object | ParserRef selects the relevant Parser configuration resource. If undefined, default settings are applied, designed to work with most upstream web application services. | no |
ContentSecurity.spec.apiProtection
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| openAPIRef | object | OpenAPIRef selects the relevant OpenAPI configuration resource. If undefined, default settings are applied, designed to work with most upstream web application services. | no |
ContentSecurity.spec.apiProtection.openAPIRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
ContentSecurity.spec.filter
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| denyRulesRef | object | DenyRulesRef selects the relevant DenyRules configuration resource. If undefined, default settings are applied, designed to work with most upstream web application services. | no |
ContentSecurity.spec.filter.denyRulesRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
ContentSecurity.spec.headerRewritesRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
ContentSecurity.spec.limitsRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
ContentSecurity.spec.parserRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |