openstack
/
magnum
Code Issues Proposed changes
Browse Source

Merge "Set a fixed cipher suite set for Traefik"

changes/73/642873/3
Zuul 3 years ago committed by Gerrit Code Review
parent
f5a2cba743 470fc261d5
commit
7911baac18
1 changed files with 47 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 53
      magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh

53
magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
Unescape View File

@ -1,6 +1,45 @@
INGRESS_TRAEFIK_MANIFEST=/srv/magnum/kubernetes/ingress-traefik.yaml
INGRESS_TRAEFIK_MANIFEST_CONTENT=$(cat <<EOF
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ingress-traefik
namespace: kube-system
labels:
k8s-app: ingress-traefik-backend
data:
traefik.toml: |-
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
[api]
[kubernetes]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"
]
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
@ -32,12 +71,14 @@ spec:
containerPort: 8080
securityContext:
privileged: true
args:
- --api
- --logLevel=INFO
- --kubernetes
- --entrypoints=Name:http Address::80
- --entrypoints=Name:https Address::443 TLS
volumeMounts:
- name: ingress-traefik
mountPath: /etc/traefik/traefik.toml
subPath: traefik.toml
volumes:
- name: ingress-traefik
configMap:
name: ingress-traefik
nodeSelector:
role: ${INGRESS_CONTROLLER_ROLE}
---

Write Preview
Loading…
Cancel
Save