Hi Readers, in this blog we are going to see how to whitelist IPs using the Traefik ingress controller. We are using version 2 of the Traefik ingress controller to expose services to the internet; only the IPs that are whitelisted will be able to access your domain.
What is IP Whitelisting?
IP whitelisting allows you to create lists of IP addresses or IP ranges from which your users can access your domains. It is a security feature often used to limit access to trusted users only.
What is Traefik?
Traefik is a popular open-source ingress controller used to expose services to the internet. It receives a request and finds the service that will serve it. Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, etc.
Create A Deployment
First we will create a Deployment object with a simple web application image. I will deploy in a namespace called traefik; you can deploy it in the default namespace instead. To create a namespace, use the command below:
$ kubectl create namespace <namespace_name>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: traefik
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: my-app
  replicas: 1
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: ahmad33/maintenance:1.02
        ports:
        - containerPort: 80
Now create the Deployment using the kubectl command:
$ kubectl create -f <deployment-file-name>
Create a Service For Deployment
Now we will create a Service that the Traefik ingress controller uses to serve my web application.
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
  namespace: traefik
  labels:
    app: my-app
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: my-app
  type: ClusterIP
Now create the Service using the kubectl command:
$ kubectl create -f <service-file-name>
Create a Middleware Object
To whitelist IPs we will use a Traefik Middleware object (a Kubernetes custom resource), in which we define the sourceRange IPs to whitelist.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ipwhitelist
  namespace: traefik
spec:
  ipWhiteList:
    sourceRange:
    - 192.168.43.203
    - 172.28.0.1/32
Use the kubectl command to create the middleware based on the above config:
$ kubectl create -f <middleware-file-name>
Create Ingress Object
Now we will create a Kubernetes Ingress object to which we add two annotations: the first is the ingress class, which will be traefik, and the second attaches the Middleware we have created, referenced as <namespace>-<middleware name>@kubernetescrd. We will also define the routing rules for our service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ip-whitelist
  namespace: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: traefik-test-ipwhitelist@kubernetescrd
spec:
  rules:
  - host: test.whitelist.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            # Must match the name of the Service created above
            name: my-app-service
            port:
              number: 80
Now create the Ingress object using the kubectl command:
$ kubectl create -f <ingress-file-name>
Wait for the Ingress to get an address, then map that IP address to the host name in the /etc/hosts file.
Now go to your browser and hit your domain. You can test by changing the IPs under the sourceRange section of the middleware object.
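To predict which requests the Middleware above admits before testing in the browser, here is a small Python model of the sourceRange check (an added example, not code from the original post or from Traefik). It goes slightly beyond the post by also modelling Traefik's `ipStrategy.depth` option, which the Middleware here does not set; the addresses 10.42.0.1 and 203.0.113.9 and the `max_hosts` threshold are constructed sample values.

```python
import ipaddress

# sourceRange copied from the Middleware on this page (bare IPs and CIDR blocks).
SOURCE_RANGE = ["192.168.43.203", "172.28.0.1/32"]

def matched_ip(remote_addr, xff=None, depth=0):
    """Return the address compared against sourceRange, or None if unavailable.

    depth=0 (nothing configured, as on this page): the TCP peer address.
    depth=N (Traefik's ipStrategy.depth): Nth X-Forwarded-For entry from the right.
    """
    if depth == 0:
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    return hops[-depth] if len(hops) >= depth else None

def is_allowed(remote_addr, xff=None, depth=0, source_range=SOURCE_RANGE):
    """True if the request would pass the whitelist, False if it would be rejected."""
    ip = matched_ip(remote_addr, xff, depth)
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    # A bare IP becomes a single-host network; strict=False tolerates host bits.
    return any(addr in ipaddress.ip_network(e, strict=False) for e in source_range)

def audit(source_range, max_hosts=256):
    """Flag entries wider than max_hosts addresses (threshold is an assumption)."""
    findings = []
    for entry in source_range:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
        elif net.num_addresses > max_hosts:
            findings.append((entry, f"admits {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    # Constructed requests: 10.42.0.1 stands in for a load balancer or node address.
    cases = [
        ("direct, whitelisted client", "192.168.43.203", None, 0),
        ("via proxy, depth 0", "10.42.0.1", "192.168.43.203", 0),
        ("via proxy, depth 1", "10.42.0.1", "192.168.43.203", 1),
        ("client-supplied XFF entry", "10.42.0.1", "192.168.43.203, 203.0.113.9", 1),
    ]
    for label, peer, xff, depth in cases:
        print(f"{label:28} -> {'allow' if is_allowed(peer, xff, depth) else 'deny'}")
    print(audit(SOURCE_RANGE + ["10.0.0.0/8"]))
```

If a whitelisted client is denied as in the second case, Traefik is seeing the proxy or node address instead of the client's own address.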
That’s all for this blog. We have seen how to whitelist IPs when using the Traefik ingress controller. I hope you liked it; if you have any suggestions or modifications, please do let me know. Thank you.