The Custom Resource ContentSecurityPolicy
is a Direct Policy Attachment for the K8s Gateway API. It specifies the options to secure an upstream web application with an Airlock Microgateway. It does so by referencing various other CRs that cover different customized aspects of web application security.
If references are not explicitly configured, default settings designed to work with most upstream services will be applied.
For sidecar-based Microgateway installations, see CR ContentSecurityPolicy.
- List of referenceable CRs:
- CR DenyRules – Configures request filtering using deny rules.
- CR HeaderRewrites – Configures request and response header manipulations.
- CR Parser – Configures content parsers.
- CR Limits – Configures various size checks on requests.
- API protection
- CR OpenAPI – Selects the relevant OpenAPI configuration resource.
- CR GraphQL – Selects the relevant GraphQL configuration resource.
The Microgateway Operator watches and reads the Custom Resources of type ContentSecurity
and configures the Microgateway Engine accordingly.