CR ContentSecurity

The Custom Resource ContentSecurity specifies the options to secure an upstream web application with a Microgateway Engine container. It does so by referencing various other CRs which cover different aspects of web application security.
If references are not explicitly configured, default settings designed to work with most upstream services will be applied.

List of referenceable CRs:

CR DenyRules – Configures request filtering using deny rules.
CR HeaderRewrites – Configures request and response header manipulations.
CR Parser – Configures content parsers.
CR Limits – Configures various size checks on requests.
API protection
- CR OpenAPI – Selects the relevant OpenAPI configuration resource.
- CR GraphQL – Selects the relevant GraphQL configuration resource.

The Microgateway Operator watches and reads the Custom Resources of type ContentSecurity and configures the Microgateway Engine accordingly.

Notice

This CR needs to be referenced in the CR SidecarGateway.

Example configuration

For the default and an example configuration, see CR ContentSecurity reference documentation.

Additional references from the CR ContentSecurity to other CRs may be required. See the list of referenceable CRs above.

Further information and links

API Reference:

CR ContentSecurity reference documentation

Internal links:

Labeling for sidecar injection Labels and annotations for Airlock Microgateway
Referenced by CR SidecarGateway