Browse Source

Update traefik options

* Traefik version updated from v1.7.19 to v1.7.28
* Force secure connections to use TLSv1.2 or greater

Change-Id: I65561358113952e3f60dc488b35ee8fa8f8da740
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
changes/90/783390/1
Diogo Guerra 3 months ago
parent
commit
b4016783d5
5 changed files with 13 additions and 5 deletions
  1. +1
    -1
      doc/source/user/index.rst
  2. +3
    -2
      magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
  3. +1
    -1
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  4. +1
    -1
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
  5. +7
    -0
      releasenotes/notes/update-traefik-min-tls-protocol-de7e36de90c1a2f3.yaml

+ 1
- 1
doc/source/user/index.rst View File

@ -1247,7 +1247,7 @@ _`container_infra_prefix`
* docker.io/grafana/grafana:5.1.5
* docker.io/prom/node-exporter:latest
* docker.io/prom/prometheus:latest
* docker.io/traefik:v1.7.10
* docker.io/traefik:v1.7.28
* gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
* gcr.io/google_containers/metrics-server-amd64:v0.3.6
* k8s.gcr.io/node-problem-detector:v0.6.2


+ 3
- 2
magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh View File

@ -22,9 +22,8 @@ data:
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.metrics]
address = ":8082"
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
@ -44,6 +43,8 @@ data:
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"
]
[entryPoints.metrics]
address = ":8082"
---
kind: DaemonSet
apiVersion: apps/v1


+ 1
- 1
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml View File

@ -281,7 +281,7 @@ parameters:
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
default: v1.7.19
default: v1.7.28
wait_condition_timeout:
type: number


+ 1
- 1
magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml View File

@ -283,7 +283,7 @@ parameters:
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
default: v1.7.19
default: v1.7.28
wait_condition_timeout:
type: number


+ 7
- 0
releasenotes/notes/update-traefik-min-tls-protocol-de7e36de90c1a2f3.yaml View File

@ -0,0 +1,7 @@
---
upgrade:
- |
Upgrade traefik version to v1.7.28
security:
- |
Force traefik https port connections to use TLSv1.2 or greater

Loading…
Cancel
Save