Change: Ingress External selector & tlsoptions

This commit is contained in:
nold 2022-01-11 22:02:12 +01:00
parent ada6725215
commit 703e9e8052
2 changed files with 28 additions and 16 deletions

View file

@ -6,7 +6,12 @@ providers:
kubernetesCRD: kubernetesCRD:
ingressClass: external ingressClass: external
globalArguments: [] kubernetesIngress:
labelSelector: environment=external
namespaces:
- drone
- nextcloud
- gitea
ports: ports:
web: web:
@ -15,6 +20,28 @@ ports:
tls: tls:
enabled: true enabled: true
globalArguments: []
additionalArguments:
- "--providers.kubernetesingress.ingressclass=ingress-external"
ingressRoute:
dashboard:
enabled: false
tlsOptions:
default:
preferServerCipherSuites: true
minVersion: VersionTLS12
sniStrict: true
cipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
service: service:
enabled: true enabled: true
type: LoadBalancer type: LoadBalancer

View file

@ -1,15 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: kube-system
spec:
minVersion: VersionTLS12
sniStrict: true
cipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384