diff --git a/tasks/main.yml b/tasks/main.yml index c997bc5..2f4a0bc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -89,8 +89,8 @@ tag: "{{ traefik_version }}" additionalArguments: - --configFile=/etc/traefik/traefik.yaml - podSecurityPolicy: - enabled: true +# podSecurityPolicy: +# enabled: true service: enabled: false ingressRoute: diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2 index aacb804..261a26e 100644 --- a/templates/traefik-files.yml.j2 +++ b/templates/traefik-files.yml.j2 @@ -16,10 +16,10 @@ data: burst: 50 security_headers: headers: - accessControlAllowMethods: ["GET", "OPTIONS", "PUT"] - accessControlAllowOrigin: "origin-list-or-null" - accessControlMaxAge: 100 - addVaryHeader: true + # accessControlAllowMethods: ["GET", "OPTIONS", "PUT"] + # accessControlAllowOrigin: "origin-list-or-null" + # accessControlMaxAge: 100 + # addVaryHeader: true browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true diff --git a/templates/traefik-middleware-ipwhitelist.yml.j2 b/templates/traefik-middleware-ipwhitelist.yml.j2 deleted file mode 100644 index 2e987a9..0000000 --- a/templates/traefik-middleware-ipwhitelist.yml.j2 +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: traefik-ipwhitelist -spec: - ipWhiteList: - sourceRange: -{% if ingress_whitelist is defined %} -{% for acl_whitelist in ingress_whitelist %} - - {{ acl_whitelist }} -{% endfor %} -{% endif %} \ No newline at end of file diff --git a/todo.sh b/todo.sh new file mode 100644 index 0000000..3cab209 --- /dev/null +++ b/todo.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +cat << 'EOF' | kubectl --context my_context apply -f - +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: traefik +spec: + controller: traefik.io/ingress-controller +EOF +