added traefik option for 'insecureSkipVerify'

This commit is contained in:
Michael Schietzsch 2022-03-04 15:02:54 +01:00
parent 6f6de884ec
commit 1da0724ab4
No known key found for this signature in database
GPG Key ID: 83C671A925EAD0EE
4 changed files with 14 additions and 0 deletions

View File

@ -101,6 +101,7 @@ resource "null_resource" "kustomization" {
location = var.location
traefik_acme_tls = var.traefik_acme_tls
traefik_acme_email = var.traefik_acme_email
insecureSkipVerify = var.insecureSkipVerify
})
destination = "/tmp/post_install/traefik.yaml"
}

View File

@ -24,6 +24,9 @@ spec:
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
%{ if insecureSkipVerify ~}
- "--serversTransport.insecureSkipVerify=true"
%{ endif ~}
%{ if traefik_acme_tls ~}
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"

View File

@ -78,3 +78,7 @@ load_balancer_type = "lb11"
# ]
# },
# ]
# If you want to configure traefik with "insecureSkipVerify". This might be required if your ingress is connecting to TLS services; see https://doc.traefik.io/traefik/routing/overview/#insecureskipverify
# You probably should not use this in production
# insecureSkipVerify = true

View File

@ -119,3 +119,9 @@ variable "extra_firewall_rules" {
default = []
description = "Additional firewall rules to apply to the cluster"
}
variable "insecureSkipVerify" {
type = bool
default = false
description = "Whether to set the insecureSkipVerify=true configuration with the Traefik configuration"
}