Hi. I wanted to filter using IP, and I tried to use the annotation ingress.kubernetes.io/whitelist-source-range: 1.1.1.1/32 using Traefik2 on K3S but it doesn't seem to have any effect.
However traefik.ingress.kubernetes.io/router.middlewares: namespacename-middlewarename@kubernetescrd works.
I just need to have the corresponding ip filtering middleware:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
namespace: namespacename
name: middlewarename
spec:
ipWhiteList:
sourceRange:
- 1.1.1.1/32
I can deal with the middleware but I'm wondering whether the first generic annotation is supposed to work, because I would rather use it. It's more generic and would work on many kubernetes installations.
Just wanted to post here saying that I'm doing a similar journey trying to get whitelisting to work with the default k3s deployment using traefik
Hello @fungiboletus @icsy7867
In order to correctly use middleware with Kubernetes Ingress the following annotation has to be added:
traefik.ingress.kubernetes.io/router.middlewares: auth@file,default-prefix@kubernetescrd
The list of available annotation is available here: Kubernetes Ingress - Traefik
While assigning middleware please be aware of the naming convention that depends on the provider namespace.
Technically speaking the general rule is following:
<resource-name>@<provider-name>
For Kubernetes the naming convention is following:
<middleware-namespace>-<middleware-name>@kubernetescrd.
Thanks!
1 Like
Thanks @jakubhajek
I manage to use the traefik middlewares correctly, but I would rather avoid them because they are specific to traefik compared to the ingress.kubernetes.io/whitelist-source-range annotation that works on many ingress.