Traefik ipwhitelist middleware example for kubernetes
I'm having trouble using Traefik's IPWhitelist middleware in my kubernetes (1.14) cluster.
I'm using the DaemonSet config from here:
https://docs.traefik.io/user-guide/kubernetes/
I'd like to apply this whitelist to all traffic in/out of the cluster.
Thank you!
Here's what I have so far:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cloudflare-whitelist
spec:
  ipWhiteList:
    sourceRange:
      - 2400:cb00::/32
      ...
      - 131.0.72.0/22
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http
    - host: stuff.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-stuff-service
              servicePort: http
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: cloudflare-whitelist
  namespace: ingress
spec:
  entryPoints:
    - web # <- what is this for?
  routes:
    - match: Host(`example.com`) # <- Howto apply to all ingress?
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist
    - match: Host(`stuff.example.com`)
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist
Thank you!
Ok, here's what I found, from the helpful peeps on Traefik Slack. The code above is for Traefik v2.0 which is still in Alpha.
For Traefik 1.7 (the current release referenced in the Kubernetes Guide as I write this)
For 1.7, use regular annotations:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.ingress.kubernetes.io/whitelist-source-range: "2400:cb00::/32, 2606:4700::/32, 2803:f800::/32, 2405:b500::/32, 2405:8100::/32, 2a06:98c0::/29, 2c0f:f248::/32, 173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/12, 172.64.0.0/13, 131.0.72.0/22"
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http