Kubernetes Traefik 路由规则及中间件 Traefik Middlewares 的配置 (k3s)
warning:
这篇文章距离上次修改已过252天,其中的内容可能已经有所变动。
# 引入Traefik的Helm chart
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
namespace: kube-system
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-only
namespace: kube-system
spec:
headers:
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsSeconds: 31536000
frameDeny: true
customResponseHeaders:
Access-Control-Allow-Origin: "*"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: rate-limit
namespace: kube-system
spec:
rateLimit:
rateSet:
- period: 10s
average: 5
burst: 10
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: compression
namespace: kube-system
spec:
compress:
responseHeaderName: Content-Encoding
algorithms:
- gzip
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: hsts-header
namespace: kube-system
spec:
headers:
stsSeconds: 31536000
loadBalancerInfo:
responseHeader: X-Load-Balancer-ID
responseHeaderValue: "my-load-balancer-id"这个配置文件定义了几个Traefik的Middleware实体,它们分别设置了HTTPS重定向、安全头部设置、速率限制、压缩以及HSTS头部的相关参数。这些Middleware可以被应用到IngressRoute规则中去,以增强应用的安全性和性能。
评论已关闭