Traefik in Kubernetes: различия между версиями
Перейти к навигации
Перейти к поиску
Sol (обсуждение | вклад) |
Sol (обсуждение | вклад) |
||
| Строка 20: | Строка 20: | ||
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3 | - TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | [[TLS check]] | ||
=== Headers === | === Headers === | ||
Текущая версия на 22:43, 20 апреля 2022
TLS options
only one TLSOption per Kubernetes cluster
kubectl -n default apply -f traefik_TLSopt.yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
Headers
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: headers-back-office
spec:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
- "POST"
- "DELETE"
accessControlAllowHeaders:
- '*'
accessControlAllowOriginList:
- "*"
accessControlMaxAge: 100
accessControlExposeHeaders:
- '*'
addVaryHeader: true
customResponseHeaders:
Server: "" # Remove web server name and version
Security middleware
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: security
spec:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
#HSTS
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000