
Traefik ipwhitelist middleware example for kubernetes

I'm having trouble using Traefik's IPWhitelist middleware in my kubernetes (1.14) cluster.

I'm using the DaemonSet config from here:

https://docs.traefik.io/user-guide/kubernetes/

I'd like to apply this whitelist to all traffic in/out of the cluster.

  • How to apply to all traffic?
  • Can I use an annotation instead of an IngressRoute?
  • Is there an example or documentation I missed?

Thank you!

Here's what I have so far:

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cloudflare-whitelist
spec:
  ipWhiteList:
    sourceRange:
    - 2400:cb00::/32
    ...
    - 131.0.72.0/22
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http
    - host: stuff.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-stuff-service
              servicePort: http
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: cloudflare-whitelist
  namespace: ingress
spec:
  entryPoints:
    - web  # <- what is this for?
  routes:
    - match: Host(`example.com`)  # <- Howto apply to all ingress?
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist
    - match: Host(`stuff.example.com`)
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist

Ok, here's what I found, from the helpful peeps on Traefik Slack. The code above is for Traefik v2.0 which is still in Alpha.

For Traefik 1.7 (the current release referenced in the Kubernetes Guide as I write this)

For 1.7, use regular annotations

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.ingress.kubernetes.io/whitelist-source-range: "2400:cb00::/32, 2606:4700::/32, 2803:f800::/32, 2405:b500::/32, 2405:8100::/32, 2a06:98c0::/29, 2c0f:f248::/32, 173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/12, 172.64.0.0/13, 131.0.72.0/22"
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http
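
A pre-deployment check for the `whitelist-source-range` value used in the answer above, as an added example that is not part of the original post and not Traefik's own matching code. It parses the comma-separated list, flags malformed CIDRs, and tests sample client addresses; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Value of traefik.ingress.kubernetes.io/whitelist-source-range from the
# Ingress above (shortened to a few of its entries for this example).
ANNOTATION = ("2400:cb00::/32, 2606:4700::/32, 173.245.48.0/20, "
              "103.21.244.0/22, 104.16.0.0/12, 131.0.72.0/22")


def parse_source_range(value):
    """Split the comma-separated annotation into networks.

    Returns (networks, errors). strict=True rejects entries with host bits
    set (e.g. 104.16.0.1/12), which usually indicate a typo.
    """
    networks, errors = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append(f"{entry}: {exc}")
    return networks, errors


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any listed range."""
    addr = ipaddress.ip_address(client_ip)
    # An IPv4 client can appear as an IPv4-mapped IPv6 address
    # (::ffff:a.b.c.d); compare it against the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    nets, errs = parse_source_range(ANNOTATION)
    for e in errs:
        print("invalid entry:", e)
    # Constructed sample addresses: three inside the listed ranges, one outside.
    for ip in ("173.245.48.10", "::ffff:104.16.1.1", "2400:cb00::1", "203.0.113.7"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```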
