Skip to content

Fix ingress annotations related to modSecurity

Zamir Martins requested to merge fix_modsecurity_annotation_by_renaming_it into master

Found while working on this issue.

Context

It seems that there is a conflict with ingress.modSecurity which is used by ingress template.

There is no explicit error but while debugging the issue I noticed that any key under ingress.modSecurity has no value.

Steps to reproduce*

  1. Setup a project with autodevops.
  2. Bundle auto-deploy-app chart as described here.
  3. Enable modSecurity by changing this value to true.
  4. After running the pipeline you will have the following results:
kubectl get ingress -n $(kubectl get ingress --all-namespaces --no-headers=true -o custom-columns=:metadata.namespace,:metadata.name) -o custom-columns=ANNOTATIONS:metadata.annotations
ANNOTATIONS
map[kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true]

Where the expected output would be:

kubectl get ingress -n $(kubectl get ingress --all-namespaces --no-headers=true -o custom-columns=:metadata.namespace,:metadata.name) -o custom-columns=ANNOTATIONS:metadata.annotations
ANNOTATIONS
map[kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true nginx.ingress.kubernetes.io/modsecurity-snippet:SecRuleEngine DetectionOnly]

*Similar result can be achieved by using the default chart while changing values through .gitlab/auto-deploy-values.yaml.

Although it would be interesting to understand the underlying issue, renaming the key modSecurity to modSec solves the issue.

Merge request reports