Help Needed Defining Traefik Routing Rule in Kubernetes Ingress Annotation (Traefik 1.7.34)

jbm · March 22, 2024, 6:30am

Hi!

I'm using Traefik version 1.7.34 in my Kubernetes cluster and I'm struggling to define a routing rule using annotations within an Ingress resource.

I need to specify the following routing rule:

Rule: (HeadersRegexp(`Authorization`, `.*`) || Method(`OPTIONS`))

Could someone provide guidance or an example of how to properly format this rule with the traefik.ingress.kubernetes.io annotation field in my Ingress resource YAML?

Thx!

bluepuma77 · April 11, 2024, 6:01am

Traefik v1.7 was released in 2018 and official support ended 2021. You should just not use such an old version if you care about your site and network security.

hokiegeek2 · September 3, 2024, 3:08pm

@jbm were you able to get this working for a Traefik2x ingress controller?

bluepuma77 · September 6, 2024, 7:12pm

Did you check the doc about router rule?

hokiegeek2 · September 7, 2024, 11:58am

@bluepuma77 good question and thanks a bunch for the follow-up! Yep, that's great documentation and this is what I am attempting to do within my two routes I define in my IngressRoute:

metadata:
  name: keycloak-https
spec:
  tls:
    secretName: keycloak-tls
    options:
      name: keycloak-tls
      namespace: keycloak
  entryPoints:
    - websecure
  routes:
    - match: (PathPrefix(`/`) && !HeadersRegex(`X-Keycloak-Internal-Request`, `.*))
      kind: Rule
      services:
        - name: keycloak
          port: 8080
      middlewares:
        - name: "keycloak-strip-middleware"
          namespace: keycloak
        - name: "tls-client-cert"
          namespace: keycloak
        - name: "headerdump"
          namespace: keycloak
    - match: (PathPrefix(`/`) && Headers(`X-Keycloak-Internal-Request`, `true`))
      kind: Rule
      services:
        - name: keycloak
          port: 8080
      middlewares:
        - name: "keycloak-strip-middleware"
          namespace: keycloak
        - name: "headerdump"
          namespace: keycloak

It appears that both of these rules are ignored, but it's very possible I am doing something wrong. I am attempting to route requests on a redirect to the first route if the X-Keycloak-Internal-Request header is missing. In my testing all requests go to that first one, irrespective of whether the header is written or not.

Now, importantly, this week I discovered that the headers written on direct by the keycloakopenid plugin are not preserved on the two redirects embedded in their design when keycloakopenid is deployed behind a Traefik ingress controller in my K3S kubernetes cluster. So...I think that's the issue as opposed to anything related to the Headers and HeadersRegexp.

Consequently, it appears the key, core question is

Topic		Replies	Views
How to handle regex Traefik v1 kubernetes-ingress	3	790	November 22, 2020
Traefik v1.7.x to Traefik v2.x.x ingress controller migration Traefik v2 kubernetes-ingress	2	694	February 24, 2020
Support of K8s Ingress object? Traefik v2 kubernetes-ingress	2	402	September 17, 2020
Ssl-redirect not working? Traefik v2 kubernetes-ingress	14	3215	December 3, 2020
Traefik ingress annotation "redirect http to https" redirecting to another website Traefik v2 kubernetes-ingress	1	5367	November 19, 2021

Help Needed Defining Traefik Routing Rule in Kubernetes Ingress Annotation (Traefik 1.7.34)

Related topics