apiVersion: v1 kind: ConfigMap metadata: name: fibrecensus-config namespace: default data: logback.xml: | <!-- https://www.playframework.com/documentation/latest/SettingsLogger --> <configuration> <conversionRule conversionWord="coloredLevel" converterClass="play.api.libs.logback.ColoredLevel" /> <appender name="FILE" class="ch.qos.logback.core.FileAppender"> <file>${application.home:-.}/logs/application.log</file> <encoder> <pattern>%date [%level] from %logger in %thread - %message%n%xException</pattern> </encoder> </appender> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <encoder> <pattern>%coloredLevel %logger{15} - %message%n%xException{10}</pattern> </encoder> </appender> <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender"> <appender-ref ref="FILE" /> </appender> <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender"> <appender-ref ref="STDOUT" /> </appender> <logger name="play" level="INFO" /> <logger name="application" level="DEBUG" /> <!-- Off these ones as they are annoying, and anyway we manage configuration ourselves --> <logger name="com.avaje.ebean.config.PropertyMapLoader" level="OFF" /> <logger name="com.avaje.ebeaninternal.server.core.XmlConfigLoader" level="OFF" /> <logger name="com.avaje.ebeaninternal.server.lib.BackgroundThread" level="OFF" /> <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF" /> <root level="WARN"> <appender-ref ref="ASYNCFILE" /> <appender-ref ref="ASYNCSTDOUT" /> </root> </configuration> application.conf: | # This is the main configuration file for the application. akka { # "akka.log-config-on-start" is extraordinarly useful because it log the complete # configuration at INFO level, including defaults and overrides, so it s worth # putting at the very top. # # Put the following in your conf/logback.xml file: # # <logger name="akka.actor" level="INFO" /> # # And then uncomment this line to debug the configuration. # #log-config-on-start = true } ## Secret key # http://www.playframework.com/documentation/latest/ApplicationSecret # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. play.http.secret.key = "${?APP_SECRET}" # Play comes with its own i18n settings, which allow the user's preferred language # to map through to internal messages, or allow the language to be stored in a cookie. play.i18n { # The application languages langs = [ "en" ] # Whether the language cookie should be secure or not #langCookieSecure = true # Whether the HTTP only attribute of the cookie should be set to true #langCookieHttpOnly = true } ## Play HTTP settings # ~~~~~ play.http { session { # Sets the cookie to be sent only over HTTPS. #secure = true # Sets the cookie to be accessed only by the server. #httpOnly = true # Sets the max-age field of the cookie to 5 minutes. # NOTE: this only sets when the browser will discard the cookie. Play will consider any # cookie value with a valid signature to be a valid session forever. To implement a server side session timeout, # you need to put a timestamp in the session and check it at regular intervals to possibly expire it. #maxAge = 300 # Sets the domain on the session cookie. #domain = "example.com" } flash { # Sets the cookie to be sent only over HTTPS. #secure = true # Sets the cookie to be accessed only by the server. #httpOnly = true } } ## Netty Provider # https://www.playframework.com/documentation/latest/SettingsNetty # ~~~~~ play.server.netty { # Whether the Netty wire should be logged #log.wire = true # If you run Play on Linux, you can use Netty's native socket transport # for higher performance with less garbage. #transport = "native" } ## Filters # https://www.playframework.com/documentation/latest/ScalaHttpFilters # https://www.playframework.com/documentation/latest/JavaHttpFilters # ~~~~~ # Filters run code on every request. They can be used to perform # common logic for all your actions, e.g. adding common headers. # play.filters { # Enabled filters are run automatically against Play. # CSRFFilter, AllowedHostFilters, and SecurityHeadersFilters are enabled by default. disabled += CSRFFilter disabled += AllowedHostFilters # Disabled filters remove elements from the enabled list. #disabled += filters.ExampleFilter } ## Filter Configuration # https://www.playframework.com/documentation/latest/Filters # ~~~~~ # There are a number of built-in filters that can be enabled and configured # to give Play greater security. # play.filters { ## CORS filter configuration # https://www.playframework.com/documentation/latest/CorsFilter # ~~~~~ # CORS is a protocol that allows web applications to make requests from the browser # across different domains. # NOTE: You MUST apply the CORS configuration before the CSRF filter, as CSRF has # dependencies on CORS settings. cors { # Filter paths by a whitelist of path prefixes #pathPrefixes = ["/some/path", ...] # The allowed origins. If null, all origins are allowed. #allowedOrigins = ["http://www.example.com"] # The allowed HTTP methods. If null, all methods are allowed #allowedHttpMethods = ["GET", "POST"] } ## CSRF Filter # https://www.playframework.com/documentation/latest/ScalaCsrf#Applying-a-global-CSRF-filter # https://www.playframework.com/documentation/latest/JavaCsrf#Applying-a-global-CSRF-filter # ~~~~~ # Play supports multiple methods for verifying that a request is not a CSRF request. # The primary mechanism is a CSRF token. This token gets placed either in the query string # or body of every form submitted, and also gets placed in the users session. # Play then verifies that both tokens are present and match. csrf { # Sets the cookie to be sent only over HTTPS #cookie.secure = true # Defaults to CSRFErrorHandler in the root package. #errorHandler = MyCSRFErrorHandler } ## Security headers filter configuration # https://www.playframework.com/documentation/latest/SecurityHeaders # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: headers { # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" # The X-XSS-Protection header. If null, the header is not set. #xssProtection = "1; mode=block" # The X-Content-Type-Options header. If null, the header is not set. #contentTypeOptions = "nosniff" # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set. #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. #contentSecurityPolicy = "default-src 'self'" contentSecurityPolicy = null } ## Allowed hosts filter configuration # https://www.playframework.com/documentation/latest/AllowedHostsFilter # ~~~~~ # Play provides a filter that lets you configure which hosts can access your application. # This is useful to prevent cache poisoning attacks. hosts { # Allow requests to example.com, its subdomains, and localhost:9000. #allowed = [".example.com", "localhost:9000"] allowed = ["."] } } elasticsearch { hostname = "fc-elasticsearch" #this must line up with elasticsearch-service.yaml port = 9200 ssl = false indexName = "fibre-census" }