Hi,
We are currently using EKS 1.21 and upgraded our ingress traefik from 1.7 to 2.5 in order to support the API changes of EKS 1.22.
We want to restrict service requests per IP like we had configured successfully in traefik 1.7 which isn't working as expected in traefik 2.5.
We followed these docs:
- Traefik HTTP Middlewares IPWhiteList - Traefik
- https://blog.knoldus.com/how-to-whitelist-ips-using-traefik-ingress-controller/
Here are out ingress and Middleware yaml files we configured:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: csp-customer-view-tenants-whitelisted-ingress-qa
namespace: qa
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.middlewares: qa-whitelist-14494227304766980796@kubernetescrd
managedFields:
- manager: Go-http-client
operation: Update
apiVersion: networking.k8s.io/v1
time: '2023-03-05T20:43:45Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubernetes.io/ingress.class: {}
f:spec:
f:rules: {}
- manager: dashboard
operation: Update
apiVersion: extensions/v1beta1
time: '2023-03-06T09:56:21Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:traefik.ingress.kubernetes.io/router.middlewares: {}
selfLink: >-
/apis/networking.k8s.io/v1/namespaces/qa/ingresses/csp-customer-view-tenants-whitelisted-ingress-qa
status:
loadBalancer: {}
spec:
rules:
- host: <HOSTNAME>
http:
paths:
- path: <PATH>
pathType: ImplementationSpecific
backend:
service:
name: <SERVICE NAME>
port:
name: http
-------------
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
creationTimestamp: '2023-03-05T20:43:45Z'
generation: 9
managedFields:
- apiVersion: traefik.containo.us/v1alpha1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:ipWhiteList': {}
manager: Go-http-client
operation: Update
time: '2023-03-05T20:43:45Z'
- apiVersion: traefik.containo.us/v1alpha1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
'f:ipWhiteList':
'f:sourceRange': {}
manager: dashboard
operation: Update
time: '2023-03-05T20:50:28Z'
name: whitelist-14494227304766980796
namespace: qa
resourceVersion: '273127939'
uid: ede28f3a-f39f-49eb-9bbd-375ea2802e34
spec:
ipWhiteList:
sourceRange:
- 47.118.165.25/32