diff --git a/docs/using-lagoon-the-basics/lagoon-yml.md b/docs/using-lagoon-the-basics/lagoon-yml.md index df2471efb3..cfce344991 100644 --- a/docs/using-lagoon-the-basics/lagoon-yml.md +++ b/docs/using-lagoon-the-basics/lagoon-yml.md @@ -293,6 +293,10 @@ You can of course also redirect to any other URL not hosted on Lagoon, this will #### Trusted Reverse Proxies +{% hint style="warning" %} +Kubernetes will only process a single `nginx.ingress.kubernetes.io/server-snippet` annotation. Please ensure that if you use this annotation on a non-production environment route that you also include the `add_header X-Robots-Tag "noindex, nofollow";` annotation as part of your server-snippet. This is needed to stop robots from crawling development environments as the default server-snippet set to prevent this in development environments in the ingress templates will get overwritten with any `server-snippets` set in .lagoon.yml. +{% endhint %} + Some configurations involve a reverse proxy \(like a CDN\) in front of the Kubernetes Clusters. In these configurations the IP of the Reverse Proxy will appear as the `REMOTE_ADDR` `HTTP_X_REAL_IP` `HTTP_X_FORWARDED_FOR` headers field in your applications. While the original IP of the requester can be found in the `HTTP_X_ORIGINAL_FORWARDED_FOR` header. If you like the original IP to appear in the `REMOTE_ADDR` `HTTP_X_REAL_IP` `HTTP_X_FORWARDED_FOR` headers, you need to tell the ingress which reverse proxy IPs you want to trust: @@ -426,7 +430,7 @@ As most of the time it is not desirable to run the same cron jobs across all env * You can specify `M` for the minute, and your cron job will run once per hour at a random minute \(the same minute each hour\), or `M/15` to run it every 15 mins, but with a random offset from the hour \(like `6,21,36,51`\). It is a good idea to spread out your cron jobs using this feature, rather than have them all fire off on minute `0`. * You can specify `H` for the hour, and your cron job will run once per day at a random hour \(the same hour every day\), or `H(2-4)` to run it once per day within the hours of 2-4. * Notes on timezones: - * The default timezone for cron jobs is UTC. + * The default timezone for cron jobs is UTC. * Native cron jobs will run in timezone of the node, which is UTC. * In-pod cron jobs == timezone of the pod it is running in, which defaults to UTC but may be different if you have configured it. * `command:` diff --git a/images/kubectl-build-deploy-dind/helmcharts/custom-ingress/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/custom-ingress/templates/ingress.yaml index 42430aeb1a..33600dd341 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/custom-ingress/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/custom-ingress/templates/ingress.yaml @@ -22,6 +22,10 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + {{- if eq .Values.environmentType "development"}} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; + {{- end }} monitor.stakater.com/enabled: "{{ .Values.ingressmonitorcontroller.enabled }}" uptimerobot.monitor.stakater.com/interval: "{{ .Values.ingressmonitorcontroller.interval }}" uptimerobot.monitor.stakater.com/alert-contacts: "{{ .Values.ingressmonitorcontroller.alertContacts }}" diff --git a/images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/templates/ingress.yaml index b52ad50766..796f12d3f3 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "nginx-php-persistent.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/nginx-php/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/nginx-php/templates/ingress.yaml index 4042a541d3..3b6a678c37 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/nginx-php/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/nginx-php/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "nginx-php.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/nginx/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/nginx/templates/ingress.yaml index 35f0f41237..cae3b8b2d7 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/nginx/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/nginx/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "nginx.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/node-persistent/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/node-persistent/templates/ingress.yaml index 8368f4e6ac..62bcb23f6e 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/node-persistent/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/node-persistent/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "node-persistent.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/node/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/node/templates/ingress.yaml index 19b586ec0a..a3a41ec9e2 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/node/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/node/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "node.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/python/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/python/templates/ingress.yaml index 67bde8c4be..7d3582c373 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/python/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/python/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "python.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/varnish-persistent/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/varnish-persistent/templates/ingress.yaml index 6f70ebe95a..05c1bcf871 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/varnish-persistent/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/varnish-persistent/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "varnish-persistent.annotations" . | nindent 4 }} spec: diff --git a/images/kubectl-build-deploy-dind/helmcharts/varnish/templates/ingress.yaml b/images/kubectl-build-deploy-dind/helmcharts/varnish/templates/ingress.yaml index 2f158d8831..a2509d261c 100644 --- a/images/kubectl-build-deploy-dind/helmcharts/varnish/templates/ingress.yaml +++ b/images/kubectl-build-deploy-dind/helmcharts/varnish/templates/ingress.yaml @@ -19,6 +19,8 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true" {{- end }} + nginx.ingress.kubernetes.io/server-snippet: |- + add_header X-Robots-Tag "noindex, nofollow"; kubernetes.io/tls-acme: "true" {{- include "varnish.annotations" . | nindent 4 }} spec: