Skip to content

Commit

Permalink
Enable HSTS on OCP route
Browse files Browse the repository at this point in the history
This change adds the required annotation to the OCP route to enable HSTS
headers as per:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/networking/configuring-routes\#nw-enabling-hsts_route-configuration

Signed-off-by: Brendan Shephard <[email protected]>
  • Loading branch information
bshephar committed May 29, 2024
1 parent 9d2609b commit 6d5523f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions controllers/horizon_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,11 @@ func (r *HorizonReconciler) reconcileInit(
svcOverride.EmbeddedLabelsAnnotations = &service.EmbeddedLabelsAnnotations{}
}

// Enable HSTS on Route
svcOverride.AddAnnotation(map[string]string{
"haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload",
})

servicePort := corev1.ServicePort{
Name: endpointName,
Port: horizon.HorizonPort,
Expand Down

0 comments on commit 6d5523f

Please sign in to comment.