Custom DH parameters for perfect forward secrecy
This example demonstrates deploying an nginx ingress controller and using a ConfigMap to point it at a custom Diffie-Hellman parameters file, which helps with "Perfect Forward Secrecy".
Custom configuration
```console
$ cat configmap.yaml
apiVersion: v1
data:
  ssl-dh-param: "ingress-nginx/lb-dhparam"
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
```

```console
$ kubectl create -f configmap.yaml
```
Custom DH parameters secret
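Generate the parameters with at least 2048 bits; 1024-bit groups are exposed to precomputation attacks such as Logjam.

```console
$ openssl dhparam 2048 2> /dev/null | base64
LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...
```

The parameters are stored in a Secret whose namespace and name match the `ssl-dh-param` value set in the ConfigMap (`ingress-nginx/lb-dhparam`):

```console
$ cat ssl-dh-param.yaml
apiVersion: v1
data:
  dhparam.pem: "LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ..."
kind: Secret
metadata:
  name: lb-dhparam
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
```

```console
$ kubectl create -f ssl-dh-param.yaml
```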
Test
Check that the contents of the ConfigMap are present in the nginx.conf file using:

```console
$ kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system -- cat /etc/nginx/nginx.conf
```