Traefik in Kubernetes: различия между версиями

Материал из Webko Wiki
Перейти к навигации Перейти к поиску
Строка 2: Строка 2:
  
 
=== TLS options ===
 
=== TLS options ===
 +
<span style="color:#ff0000 ">'''only one TLSOption per Kubernetes cluster'''</span>
 +
<syntaxhighlight lang="bash">
 +
kubectl -n default apply -f traefik_TLSopt.yaml
 +
</syntaxhighlight>
 
<syntaxhighlight lang="yaml">
 
<syntaxhighlight lang="yaml">
 
---
 
---
Строка 42: Строка 46:
 
     customResponseHeaders:
 
     customResponseHeaders:
 
       Server: ""        # Remove web server name and version  
 
       Server: ""        # Remove web server name and version  
 +
</syntaxhighlight>
 +
===Security middleware===
 +
<syntaxhighlight lang="yaml">
 +
---
 +
apiVersion: traefik.containo.us/v1alpha1
 +
kind: Middleware
 +
metadata:
 +
  name: security
 +
spec:
 +
  headers:
 +
    frameDeny: true
 +
    sslRedirect: true
 +
    browserXssFilter: true
 +
    contentTypeNosniff: true
 +
    #HSTS
 +
    stsIncludeSubdomains: true
 +
    stsPreload: true
 +
    stsSeconds: 31536000
 
</syntaxhighlight>
 
</syntaxhighlight>

Версия 23:39, 20 апреля 2022


TLS options

only one TLSOption per Kubernetes cluster 

kubectl -n default apply -f traefik_TLSopt.yaml

---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: default
spec:
  minVersion: VersionTLS12
  cipherSuites:
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
    - TLS_AES_256_GCM_SHA384                  # TLS 1.3
    - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3

Headers

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: headers-back-office
spec:
  headers:
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
      - "POST"
      - "DELETE"
    accessControlAllowHeaders:
      - '*'
    accessControlAllowOriginList:
      - "*"
    accessControlMaxAge: 100
    accessControlExposeHeaders:
      - '*'
    addVaryHeader: true
    customResponseHeaders:
      Server: ""        # Remove web server name and version

Security middleware

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: security
spec:
  headers:
    frameDeny: true
    sslRedirect: true
    browserXssFilter: true
    contentTypeNosniff: true
    #HSTS
    stsIncludeSubdomains: true
    stsPreload: true
    stsSeconds: 31536000
Источник — https://wiki.webko.net.ua/index.php?title=Traefik_in_Kubernetes&oldid=698