KubeDB
Run Production-Grade Databases on Kubernetes
arrow_forward
Stash
Backup and Recovery Solution for Kubernetes
arrow_forward
KubeVault
Run Production-Grade Vault on Kubernetes
arrow_forward
Voyager
Secure Ingress Controller for Kubernetes
arrow_forward
ConfigSyncer
Kubernetes Configuration Syncer
arrow_forward
Guard
Kubernetes Authentication WebHook Server
arrow_forward
KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud
- task_altLower administrative burden
- task_altNative Kubernetes Support
- task_altPerformance
- task_altAvailability and durability
- task_altManageability
- task_altCost-effectiveness
- task_altSecurity
A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.
- task_altDeclarative API
- task_altBackup Kubernetes Volumes
- task_altBackup Database
- task_altMultiple Storage Support
- task_altDeduplication
- task_altData Encryption
- task_altVolume Snapshot
- task_altPolicy Based Backup
KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.
- task_altVault Kubernetes Deployment
- task_altAuto Initialization & Unsealing
- task_altVault Backup & Restore
- task_altConsume KubeVault Secrets with CSI
- task_altManage DB Users Privileges
- task_altStorage Backend
- task_altAuthentication Method
- task_altDatabase Secret Engine
Secure Ingress Controller for Kubernetes
- task_altHTTP & TCP
- task_altSSL
- task_altPlatform support
- task_altHAProxy
- task_altPrometheus
- task_altLet's Encrypt
Kubernetes Configuration Syncer
- task_altConfiguration Syncer
Kubernetes Authentication WebHook Server
- task_altIdentity Providers
- task_altCLI
- task_altRBAC
RESOURCES
Blog
Docs
Webinars
Learn
Demos
Webinar New

You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

HSTS

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTPS response header field named “Strict-Transport-Security”. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

voyager can insert HSTS header in http response if configured via ingress annotations.

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: my-voyager
  namespace: default
  annotation:
    ingress.kubernetes.io/hsts: "true"
    ingress.kubernetes.io/hsts-preload: "true"
    ingress.kubernetes.io/hsts-include-subdomains: "true"
    ingress.kubernetes.io/hsts-max-age: 100
spec:
  tls:
    - secretName: test-secret
    hosts: foo.bar.com
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /two
        backend:
          serviceName: server-2
          servicePort: 9090

Applying the annotation in ingress will have the following effects, will add the HSTS Header in the response.

$ curl -v -X 'GET' -k 'http://foo.bar.com'
Strict-Transport-Security: max-age=100; includeSubDomains; preload

Improve This Page

KubeDB

Stash

KubeVault

Voyager

ConfigSyncer

Guard

RESOURCES

Certificate

Ingress

HSTS

What's on this Page

Search

Have any Inquiry?

Products

Services

Company

Legal