Wong Hoi Sing Edison 6d3e9ea7d0 Fixup #2970 : Add Missing Label app.kubernetes.io/part-of: ingress-nginx

-    Add missing label `app.kubernetes.io/part-of: ingress-nginx` for deploy example
-    Update new labels for docs/deploy and docs/examples
-    Update new labels for test/e2e and test/manifests
-    Update new labels for images/nginx

Also close #3001

2018-09-05 11:48:29 +08:00

1.2 KiB

Raw Blame History

Custom DH parameters for perfect forward secrecy

This example aims to demonstrate the deployment of an nginx ingress controller and use a ConfigMap to configure custom Diffie-Hellman parameters file to help with "Perfect Forward Secrecy".

Custom configuration

$ cat configmap.yaml
apiVersion: v1
data:
  ssl-dh-param: "ingress-nginx/lb-dhparam"
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

$ kubectl create -f configmap.yaml

Custom DH parameters secret

$> openssl dhparam 1024 2> /dev/null | base64
LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...

$ cat ssl-dh-param.yaml
apiVersion: v1
data:
  dhparam.pem: "LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ..."
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

$ kubectl create -f ssl-dh-param.yaml

Test

Check the contents of the configmap is present in the nginx.conf file using: kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf

1.2 KiB Raw Blame History

Custom DH parameters for perfect forward secrecy

Custom configuration

Custom DH parameters secret

Test

1.2 KiB

Raw Blame History