Trivernis
/
cluster-config
mirror of https://codeberg.org/Trivernis/cluster-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

apps(sharkey): Add traefik security middlewares

Browse Source
main
trivernis 10 months ago
parent 36c59bae67
commit 1270e09e6d
Signed by: Trivernis
GPG Key ID: 7E6D18B61C8D2F4B
3 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
apps/sharkey/app.yaml
Unescape Escape View File

@ -14,4 +14,5 @@ resources:
- app/stackgres.yaml
- app/deploy.yaml
- app/service.yaml
- app/middleware.yaml
- app/route.yaml

29
apps/sharkey/app/middleware.yaml
Unescape Escape View File

@ -0,0 +1,29 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: circuit-breaker
namespace: sharkey
spec:
circuitBreaker:
expression: LatencyAtQuantileMS(50.0) > 200 || ResponseCodeRatio(500, 600, 0, 600) > 0.5
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ratelimit
namespace: sharkey
spec:
rateLimit:
average: 120
burst: 60
period: 1s
sourceCriterion:
ipStrategy:
excludedIPs:
- 127.0.0.1/32 # loopback
- 10.0.0.0/16 # bridge network
- 10.243.0.0/16 # cluster network
- 167.235.111.84 # lb
- 128.140.35.44 # node
- 5.75.144.230 # node
- 144.76.167.59 # node

2
apps/sharkey/app/route.yaml
Unescape Escape View File

@ -12,6 +12,8 @@ spec:
middlewares:
- name: strict-security-headers
namespace: default
- name: ratelimit
- name: circuit-breaker
services:
- name: sharkey
port: http

Write Preview
Loading…
Cancel
Save