forked from geragcp/netmaker-k3s
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path08-ingress.yaml
86 lines (76 loc) · 1.6 KB
/
08-ingress.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: secheaders
namespace: netmaker
spec:
headers:
#HSTS
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
forceSTSHeader: true
sslRedirect: true
referrerPolicy: "same-origin"
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
accessControlAllowMethods: ["GET", "OPTIONS", "PUT"]
accessControlMaxAge: 100
customFrameOptionsValue: SAMEORIGIN
contentSecurityPolicy: frame-ancestors 'self'
permissionsPolicy: geolocation=(), microphone=()
referrerPolicy: no-referrer
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nm-api-ingress-nginx-tls
namespace: netmaker
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.BASE_DOMAIN`)
kind: Rule
services:
- name: netmaker-api
port: 8081
tls:
certResolver: <cert-provider>
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nm-ui-ingress-nginx-tls
namespace: netmaker
spec:
entryPoints:
- websecure
routes:
- match: Host(`dashboard.BASE_DOMAIN`)
kind: Rule
services:
- name: netmaker-ui
port: 80
middlewares:
- name: secheaders
tls:
certResolver: <cert-provider>
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
namespace: netmaker
name: nm-mq-ingress-nginx-tls
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`broker.BASE_DOMAIN`)
services:
- name: netmaker-mq
port: 8883
tls:
passthrough: true