openstack
/
magnum
Code Issues Proposed changes
Browse Source

Merge "Set a fixed cipher suite set for Traefik"

changes/73/642873/3
Zuul 2 years ago
committed by Gerrit Code Review
parent
f5a2cba743 470fc261d5
commit
7911baac18
1 changed files with 47 additions and 6 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +47
    -6
      magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh

+ 47
- 6
magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh View File

@ -1,6 +1,45 @@
INGRESS_TRAEFIK_MANIFEST=/srv/magnum/kubernetes/ingress-traefik.yaml
INGRESS_TRAEFIK_MANIFEST_CONTENT=$(cat <<EOF
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ingress-traefik
namespace: kube-system
labels:
k8s-app: ingress-traefik-backend
data:
traefik.toml: |-
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
[api]
[kubernetes]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"
]
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
@ -32,12 +71,14 @@ spec:
containerPort: 8080
securityContext:
privileged: true
args:
- --api
- --logLevel=INFO
- --kubernetes
- --entrypoints=Name:http Address::80
- --entrypoints=Name:https Address::443 TLS
volumeMounts:
- name: ingress-traefik
mountPath: /etc/traefik/traefik.toml
subPath: traefik.toml
volumes:
- name: ingress-traefik
configMap:
name: ingress-traefik
nodeSelector:
role: ${INGRESS_CONTROLLER_ROLE}
---


Write Preview
Loading…
Cancel
Save