[ci skip] Fix HTTPS backend proxying for reverse-proxy services
- Add insecureSkipVerify=true globally for self-signed backend certs - Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS - Add ServersTransport CRD for per-service insecureSkipVerify - Add serversscheme/serverstransport annotations to reverse-proxy factory
This commit is contained in:
Viktor Barzin
parent
4d0d2a3568
commit
d4cf63dce9
3 changed files with 23 additions and 2 deletions
|
|
@ -156,6 +156,23 @@ resource "kubernetes_manifest" "tls_option_mtls" {
|
|||
depends_on = [helm_release.traefik]
|
||||
}
|
||||
|
||||
# ServersTransport for backends with self-signed certificates
|
||||
resource "kubernetes_manifest" "servers_transport_insecure" {
|
||||
manifest = {
|
||||
apiVersion = "traefik.io/v1alpha1"
|
||||
kind = "ServersTransport"
|
||||
metadata = {
|
||||
name = "insecure-skip-verify"
|
||||
namespace = kubernetes_namespace.traefik.metadata[0].name
|
||||
}
|
||||
spec = {
|
||||
insecureSkipVerify = true
|
||||
}
|
||||
}
|
||||
|
||||
depends_on = [helm_release.traefik]
|
||||
}
|
||||
|
||||
# Immich-specific rate limit (higher limits for photo uploads)
|
||||
resource "kubernetes_manifest" "middleware_immich_rate_limit" {
|
||||
manifest = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue