Update traefik options

* Traefik version updated from v1.7.19 to v1.7.28
* Force secure connections to use TLSv1.2 or greater

Change-Id: I65561358113952e3f60dc488b35ee8fa8f8da740
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
This commit is contained in:
Diogo Guerra 2021-03-26 16:55:00 +01:00
parent 42f8c97bbf
commit b4016783d5
5 changed files with 13 additions and 5 deletions

View File

@ -1247,7 +1247,7 @@ _`container_infra_prefix`
* docker.io/grafana/grafana:5.1.5 * docker.io/grafana/grafana:5.1.5
* docker.io/prom/node-exporter:latest * docker.io/prom/node-exporter:latest
* docker.io/prom/prometheus:latest * docker.io/prom/prometheus:latest
* docker.io/traefik:v1.7.10 * docker.io/traefik:v1.7.28
* gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1 * gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
* gcr.io/google_containers/metrics-server-amd64:v0.3.6 * gcr.io/google_containers/metrics-server-amd64:v0.3.6
* k8s.gcr.io/node-problem-detector:v0.6.2 * k8s.gcr.io/node-problem-detector:v0.6.2

View File

@ -22,9 +22,8 @@ data:
address = ":80" address = ":80"
[entryPoints.https] [entryPoints.https]
address = ":443" address = ":443"
[entryPoints.metrics]
address = ":8082"
[entryPoints.https.tls] [entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [ cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
@ -44,6 +43,8 @@ data:
"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA"
] ]
[entryPoints.metrics]
address = ":8082"
--- ---
kind: DaemonSet kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1

View File

@ -281,7 +281,7 @@ parameters:
traefik_ingress_controller_tag: traefik_ingress_controller_tag:
type: string type: string
description: tag of the traefik containers to be used. description: tag of the traefik containers to be used.
default: v1.7.19 default: v1.7.28
wait_condition_timeout: wait_condition_timeout:
type: number type: number

View File

@ -283,7 +283,7 @@ parameters:
traefik_ingress_controller_tag: traefik_ingress_controller_tag:
type: string type: string
description: tag of the traefik containers to be used. description: tag of the traefik containers to be used.
default: v1.7.19 default: v1.7.28
wait_condition_timeout: wait_condition_timeout:
type: number type: number

View File

@ -0,0 +1,7 @@
---
upgrade:
- |
Upgrade traefik version to v1.7.28
security:
- |
Force traefik https port connections to use TLSv1.2 or greater