Traefik in Kubernetes: различия между версиями
Sol (обсуждение | вклад) |
Sol (обсуждение | вклад) |
||
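--- a/Traefik in Kubernetes
+++ b/Traefik in Kubernetes
@@ -2,3 +2,7 @@
 === TLS options ===
+<span style="color:#ff0000 ">'''only one TLSOption per Kubernetes cluster'''</span>
+<syntaxhighlight lang="bash">
+kubectl -n default apply -f traefik_TLSopt.yaml
+</syntaxhighlight>
 <syntaxhighlight lang="yaml">
 ---
@@ -42,3 +46,21 @@
 customResponseHeaders:
 Server: "" # Remove web server name and version
+</syntaxhighlight>
+===Security middleware===
+<syntaxhighlight lang="yaml">
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: security
+spec:
+headers:
+frameDeny: true
+sslRedirect: true
+browserXssFilter: true
+contentTypeNosniff: true
+#HSTS
+stsIncludeSubdomains: true
+stsPreload: true
+stsSeconds: 31536000
 </syntaxhighlight>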
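Review bot: `sslRedirect: true` in the new `security` Middleware is, to my knowledge, marked deprecated in the Traefik v2 headers middleware in favour of entry-point redirection or a `RedirectScheme` middleware, so the HTTPS redirect is better configured there. The HSTS trio (`stsIncludeSubdomains`, `stsPreload`, `stsSeconds: 31536000`) commits every subdomain to HTTPS for a year, and the section gives no hint of that; I would add a comment above `#HSTS` such as `# every subdomain must already serve valid HTTPS; preload is slow to undo`. The section also does not show the Middleware being attached to a route, and a Middleware that no IngressRoute references has no effect.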
Версия 22:39, 20 апреля 2022
TLS options
only one TLSOption named "default" per Kubernetes cluster (counted across all namespaces)
# Create or update the resources defined in traefik_TLSopt.yaml in the "default" namespace.
kubectl apply --namespace default --filename traefik_TLSopt.yaml
---
# TLSOption named "default". The manifest sets no namespace, so the object is
# created in whichever namespace `kubectl apply` targets.
# NOTE(review): per the Traefik docs, the option called "default" is used by every
# TLS router that names no other option, and only one TLSOption with that name may
# exist across all namespaces (duplicates are dropped) — confirm for the deployed version.
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: default
spec:
  # Lowest protocol version accepted: TLS 1.2.
  minVersion: VersionTLS12
  cipherSuites:
    # Both TLS 1.2 entries are ECDHE_RSA suites, so a TLS 1.2 handshake needs a
    # certificate with an RSA key. An ECDSA certificate would need the matching
    # TLS_ECDHE_ECDSA_* suites added here.
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
    # NOTE(review): Traefik documents the TLS 1.3 suites as not configurable, so the
    # two entries below probably have no effect — confirm.
    - TLS_AES_256_GCM_SHA384 # TLS 1.3
    - TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
Headers
---
# Middleware "headers-back-office": CORS response headers plus removal of the
# Server header. It only takes effect on routes that reference it.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: headers-back-office
spec:
  headers:
    # HTTP methods announced as allowed for cross-origin requests.
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
      - "POST"
      - "DELETE"
    # Wildcard: any request header is announced as allowed.
    accessControlAllowHeaders:
      - '*'
    # NOTE(review): "*" lets a script on any website read responses to its
    # cross-origin requests. For a back office, listing the exact front-end
    # origins is the safer default — confirm whether the wildcard is intended.
    accessControlAllowOriginList:
      - "*"
    # Preflight responses may be cached by the browser for 100 seconds.
    accessControlMaxAge: 100
    # Wildcard: every response header is exposed to the calling script.
    accessControlExposeHeaders:
      - '*'
    # NOTE(review): presumably adds/updates the Vary header so caches key on Origin — confirm.
    addVaryHeader: true
    customResponseHeaders:
      Server: "" # Remove web server name and version
Security middleware
---
# Middleware "security": browser-hardening response headers, an HTTPS redirect and
# HSTS. It only takes effect on routes that reference it.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: security
spec:
  headers:
    # Forbids rendering the site inside frames (clickjacking defence).
    frameDeny: true
    # NOTE(review): the Traefik v2 docs mark sslRedirect as deprecated in favour of
    # entry-point redirection or the RedirectScheme middleware — confirm for the
    # deployed version.
    sslRedirect: true
    # NOTE(review): enables the legacy X-XSS-Protection header; current browsers
    # largely ignore it, so it is no substitute for a Content-Security-Policy.
    browserXssFilter: true
    # Tells browsers not to MIME-sniff responses.
    contentTypeNosniff: true
    #HSTS
    # One year (31536000 s), extended to all subdomains, with the preload flag.
    # Every subdomain must already serve valid HTTPS before this is enabled, and a
    # preload-list entry is slow to undo.
    # NOTE(review): the header is presumably only sent on responses Traefik serves
    # over TLS — verify when TLS is terminated in front of Traefik.
    stsIncludeSubdomains: true
    stsPreload: true
    stsSeconds: 31536000