Fabric-Analytics-MCP

# Ingress for Microsoft Fabric Analytics MCP Server apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fabric-analytics-mcp-ingress namespace: fabric-mcp labels: app: fabric-analytics-mcp annotations: # NGINX Ingress Controller annotations kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # SSL/TLS configuration cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.2 TLSv1.3" nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384" # Security headers nginx.ingress.kubernetes.io/server-snippet: | add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';" always; # Rate limiting nginx.ingress.kubernetes.io/rate-limit: "100" nginx.ingress.kubernetes.io/rate-limit-window: "1m" # CORS configuration nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "*" nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS" nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" # Connection and timeout settings nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" nginx.ingress.kubernetes.io/proxy-send-timeout: "60" nginx.ingress.kubernetes.io/proxy-read-timeout: "60" nginx.ingress.kubernetes.io/proxy-body-size: "10m" # Load balancing nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr" nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/affinity-mode: "balanced" spec: tls: - hosts: - fabric-mcp.your-domain.com - api.fabric-mcp.your-domain.com secretName: fabric-mcp-tls-secret rules: - host: fabric-mcp.your-domain.com http: paths: - path: / pathType: Prefix backend: service: name: fabric-analytics-mcp-service port: number: 80 - host: api.fabric-mcp.your-domain.com http: paths: - path: / pathType: Prefix backend: service: name: fabric-analytics-mcp-service port: number: 80 --- # Azure Application Gateway Ingress (alternative to NGINX) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fabric-analytics-mcp-appgw-ingress namespace: fabric-mcp labels: app: fabric-analytics-mcp annotations: kubernetes.io/ingress.class: azure/application-gateway appgw.ingress.kubernetes.io/ssl-redirect: "true" appgw.ingress.kubernetes.io/connection-draining: "true" appgw.ingress.kubernetes.io/connection-draining-timeout: "30" appgw.ingress.kubernetes.io/cookie-based-affinity: "true" appgw.ingress.kubernetes.io/request-timeout: "30" appgw.ingress.kubernetes.io/backend-path-prefix: "/" spec: tls: - hosts: - fabric-mcp-appgw.your-domain.com secretName: fabric-mcp-appgw-tls-secret rules: - host: fabric-mcp-appgw.your-domain.com http: paths: - path: / pathType: Prefix backend: service: name: fabric-analytics-mcp-service port: number: 80