Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/kubernetes/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
用于TCP的Traefik 2.0 IP白名单-Kubernetes CRD_Kubernetes_Traefik_Kubernetes Ingress_Traefik Ingress - Fatal编程技术网
Fatal编程技术网
  • kubernetes/
  • 用于TCP的Traefik 2.0 IP白名单-Kubernetes CRD

用于TCP的Traefik 2.0 IP白名单-Kubernetes CRD

kubernetes

用于TCP的Traefik 2.0 IP白名单-Kubernetes CRD,kubernetes,traefik,kubernetes-ingress,traefik-ingress,Kubernetes,Traefik,Kubernetes Ingress,Traefik Ingress,我们正在使用Kubernetes和Traefik 2.0。 我们使用Kubernetes CRD(IngressRoute)作为Traefik的提供者 从Traefik文档来看,它看起来不像是可以用于TCP路由器的中间件 我们希望使用TCP路由器,但到目前为止,它只使用Http路由器 以下是我们的ipWhitelist定义: apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: testIPwhit

我们正在使用Kubernetes和Traefik 2.0。 我们使用Kubernetes CRD(IngressRoute)作为Traefik的提供者

从Traefik文档来看,它看起来不像是可以用于TCP路由器的中间件

我们希望使用TCP路由器,但到目前为止,它只使用Http路由器

以下是我们的ipWhitelist定义:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testIPwhitelist
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1/32
      - 192.168.1.7

apiVersion: v1
kind: Service
metadata:
  name: traefik

spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - protocol: TCP
      name: web
      port: 8000
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 4443
    - protocol: TCP
      name: mongodb
      port: 27017
  selector:
    app: traefik
以下是Traefik服务定义:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testIPwhitelist
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1/32
      - 192.168.1.7

apiVersion: v1
kind: Service
metadata:
  name: traefik

spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - protocol: TCP
      name: web
      port: 8000
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 4443
    - protocol: TCP
      name: mongodb
      port: 27017
  selector:
    app: traefik
入口路线定义:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: PathPrefix(`/who`)
    kind: Rule
    services:
    - name: whoami
      port: 80
    middlewares:
      - name: testIPwhitelist
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroute.mongo

spec:
  entryPoints:
    - mongodb
  routes:
  # Match is the rule corresponding to an underlying router.
  - match: HostSNI(`*`)
    services:
    - name: mongodb
      port: 27017

    middlewares:
      - name: testIPwhitelist
有没有办法用traefik TCP路由器限制IP

要获得更多关于Kubernetes CRD的traefik资源,您可以去

您是对的,中间件不能用于TCP路由器。通过中间件的IPWhitelist概念仅适用于HTTP路由器。 您可以关注为TCP路由器请求中间件的问题。

我切换到。看起来Traefik的文档和支持很差