Traefik in Kubernetes
TLS options
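Only one TLSOption named `default` may exist per Kubernetes cluster (across all namespaces); it applies to every router that does not reference another TLSOption.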
kubectl -n default apply -f traefik_TLSopt.yaml
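---
# Default TLS policy for Traefik. Routers that do not reference another
# TLSOption use the one named "default".
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: default
spec:
  # Handshakes below TLS 1.2 are refused.
  minVersion: VersionTLS12
  cipherSuites:
    # TLS 1.2: ECDHE key exchange with an AEAD cipher only. Both suites
    # authenticate with an RSA certificate, so a TLS 1.2 client cannot
    # complete a handshake if the served certificate uses an ECDSA key.
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  # TLS 1.2
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305  # TLS 1.2
    # TLS 1.3: the suite set is fixed by the Go TLS stack and is not
    # restricted by this list, so these two entries are informational and
    # the other TLS 1.3 suites stay negotiable.
    - TLS_AES_256_GCM_SHA384  # TLS 1.3
    - TLS_CHACHA20_POLY1305_SHA256  # TLS 1.3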
Headers
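---
# CORS and response-header policy; judging by the name it is meant to be
# attached to the back-office routes.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: headers-back-office
spec:
  headers:
    # Methods allowed in cross-origin requests. This includes the
    # state-changing ones (PUT, POST, DELETE).
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
      - "POST"
      - "DELETE"
    # NOTE(review): the three wildcards below allow a page on any origin to
    # call these routes with any request header and read every response
    # header. Browsers do not attach credentials to a wildcard-origin
    # response, but routes protected only by network position or by a
    # token sent in a header get no protection from this policy. For a
    # back office, list the exact front-end origins instead, e.g.
    # "https://<BACK_OFFICE_ORIGIN>" (placeholder), and name the request
    # and response headers that are actually needed.
    accessControlAllowHeaders:
      - '*'
    accessControlAllowOriginList:
      - "*"
    # Seconds a browser may cache the preflight result.
    accessControlMaxAge: 100
    accessControlExposeHeaders:
      - '*'
    # Adds "Vary: Origin" so caches keep per-origin responses apart. This
    # matters once the origin list is no longer a wildcard.
    addVaryHeader: true
    customResponseHeaders:
      Server: ""  # Remove web server name and version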
Security middleware
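---
# Browser-hardening response headers and the HTTPS redirect.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: security
spec:
  headers:
    # X-Frame-Options: DENY. The site cannot be framed (clickjacking).
    frameDeny: true
    # NOTE(review): sslRedirect is deprecated in Traefik v2 and dropped in
    # v3. Use an entryPoint redirection or a RedirectScheme middleware for
    # the HTTP->HTTPS redirect, and confirm after any upgrade that plain
    # HTTP is still redirected.
    sslRedirect: true
    # X-XSS-Protection: 1; mode=block. This is a legacy header that
    # current browsers ignore. A Content-Security-Policy
    # (contentSecurityPolicy) is the maintained control against XSS.
    browserXssFilter: true
    # X-Content-Type-Options: nosniff
    contentTypeNosniff: true
    # HSTS: one year, all subdomains, preload flag set. Every subdomain
    # must serve valid HTTPS before this is rolled out, and removal from
    # browser preload lists is slow. Traefik only sends the header on
    # HTTPS responses unless forceSTSHeader is set.
    stsIncludeSubdomains: true
    stsPreload: true
    stsSeconds: 31536000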