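I can't get Traefik's IPWhitelist middleware to work in my Kubernetes (1.14) cluster.
I am using the DaemonSet configuration from here:
https://docs.traefik.io/user-guide/kubernetes/
I want to apply this whitelist to all traffic going in and out of the cluster.
Thanks!
This is what I have so far: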
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cloudflare-whitelist
spec:
  ipWhiteList:
    sourceRange:
      - 2400:cb00::/32
      ...
      - 131.0.72.0/22
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http
    - host: stuff.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-stuff-service
              servicePort: http
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: cloudflare-whitelist
  namespace: ingress
spec:
  entryPoints:
    - web # <- what is this for?
  routes:
    - match: Host(`example.com`) # <- Howto apply to all ingress?
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist
    - match: Host(`stuff.example.com`)
      kind: Rule
      middlewares:
        - name: cloudflare-whitelist
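Thanks!

Answer 0 (score: 0)

OK, here is what I found out from the helpful people on the Traefik Slack. The code above is for Traefik v2.0, which is still in alpha.
For Traefik 1.7 (the current release at the time of writing, and the one the Kubernetes Guide I referenced covers), use the regular annotations: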
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: allup
  annotations:
    traefik.ingress.kubernetes.io/whitelist-source-range: "2400:cb00::/32, 2606:4700::/32, 2803:f800::/32, 2405:b500::/32, 2405:8100::/32, 2a06:98c0::/29, 2c0f:f248::/32, 173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/12, 172.64.0.0/13, 131.0.72.0/22"
spec:
  tls:
    - secretName: cloudflare-tls-cert
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app-www-service
              servicePort: http