Update traefik deployment + add crowdsec bouncer

2022-06-05 11:27:24 +02:00 · 2022-06-05 11:27:24 +02:00 · 6def4562ad
commit 6def4562ad
parent 736ac64ff0
4 changed files with 46 additions and 10 deletions
--- a/templates/traefik-files.yml.j2
+++ b/templates/traefik-files.yml.j2
@ -7,14 +7,14 @@ data:
  traefik-middlewares.yaml: |
    http:
      middlewares:
-        test_chain:
+        min_security:
          chain:
            middlewares:
-              - rate-limit
              - security_headers
 {% if ingress_whitelist is defined %}
              - traefik-ipwhitelist
 {% endif %}
+              - rate-limit
              - compress
 {% if basic_auth|bool %}
              - basic-auth
@ -41,9 +41,8 @@ data:
            stsPreload: true
            customFrameOptionsValue: "SAMEORIGIN"
            referrerPolicy: "same-origin"
-            featurePolicy: "vibrate 'self'"
+            permissionsPolicy: "vibrate 'self'"
            stsSeconds: 315360000
-            sslRedirect: true
            contentSecurityPolicy: "default-src 'self' 'unsafe-inline'"
    #        customResponseHeaders:
    #          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
@ -84,7 +83,7 @@ data:
              - "Remote-Email"
        crowdsec-bouncer:
          forwardAuth:
-            address: "http://crowdsec-traefik-bouncer:8080/api/v1/forwardAuth
+            address: "http://crowdsec-traefik-bouncer-service/api/v1/forwardAuth"
            trustForwardHeader: true

  traefik-tls-defaults-options.yaml: |