K
Q

nginx-ingress - enable legacy TLS using annotations

5/23/2020

The default method documented for enabling legacy TLS is using config maps:

https://kubernetes.github.io/ingress-nginx/user-guide/tls/#legacy-tls

Is it possible to add this support using ingress annotations?

-- adnan kamili
kubernetes
kubernetes-ingress
nginx-ingress

Similar Questions

cant run mysql statefulset in kubernetes
Spark executor is not releasing the memory after job execution
The APNS PushNotifcation Service is thorwing "Remote host closed connection during handshake"
Kubernetes Node Resets on GKE

1 Answer

5/23/2020

You should be able to do it via a custom configuration snippet annotation. For example:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
spec:
  backend:
    serviceName: my-service
    servicePort: 80
-- Utku Ă–zdemir
Source: StackOverflow