Skip To Content
ArcGIS Developers
Dashboard

Ingress

Description

This resource returns the currently configured security information for the Ingress controller. Ingress security configuration properties can be updated using the update operation. The update operation must also be used when adding an imported wildcard certificate that will be used by the Ingress controller.

Request parameters

ParameterDetails
f

The response format. The default format is html.

Values: html | json | pjson

Response properties

PropertyDetails
cipherSuites

The cipher suites, in OpenSSL format, used by the Ingress controller. The cipher suites listed below (in both OpenSSL and IANA format) are configured by default and work for TLSv1.2 and TLSv1.3. If TLS protocols TLSv1 or TLSv1.1 are specified in the httpsProtocols property, the cipher suites will need to be updated accordingly.

  • ECDHE-ECDSA-AES128-GCM-SHA256 [IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
  • ECDHE-RSA-AES128-GCM-SHA256 [IANA: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
  • ECDHE-ECDSA-AES256-GCM-SHA384 [IANA: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
  • ECDHE-RSA-AES256-GCM-SHA384 [IANA: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
  • ECDHE-ECDSA-CHACHA20-POLY1305 [IANA: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256]
  • ECDHE-RSA-CHACHA20-POLY1305 [IANA: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]
httpsProtocols

A comma-separated list that specifies the TLS protocols the Ingress controller will support. TLSv1.2 is enabled by default. Protocol values TLSv1, TLSv1.1, and TLSv1.3 are also supported.

tlsSecretName

The name of a user-defined TLS secret that exists in the same namespace as ArcGIS Enterprise on Kubernetes, which contains the wildcard certificate that will be used by the Ingress controller. This property must be specified if isTlsSecretSystemManaged is set to false.

identityCertificateName

Specifies the identity wildcard certificate that will be used by the Ingress controller. The certificate must have already been imported and given an alias. The alias of the imported certificate will be passed as the value for this property. This property must be set if isTlsSecretSystemManaged is true.

hstsEnabled

A boolean that indicates if HTTP Strict Transport Security (HSTS) is enabled by the Ingress controller.

Values: true | false

isTlsSecretSystemManaged

Specifies where the identity certificate used by the Ingress controller is stored. If true, the identityCertificateName must be updated set to use the alias of an already imported identity certificate. If false, a user-defined TLS secret must already exist and a tlsSecretName value must be specified to match the name of the TLS secret.

Values: true | false

Example usage

The following is a sample request URL used to access the ingress resource:

https://organization.domain.com/context/admin/security/ingress?f=pjson

JSON Response example

{
  "cipherSuites": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA",
  "httpsProtocols": "TLSv1.2 TLSv1.3",
  "tlsSecretName": "arcgis-ingress-cert",
  "identityCertificateName": "ingress",
  "hstsEnabled": false,
  "isTlsSecretSystemManaged": true
}