feat(Traefik) add support for forwarded headers (#2604)
* Add support for forwardedHeaders to Traefik * Set ForwardedHeaders config at entrypoint * Ignore forwarded headers on main entrypoint Also bump minor version
This commit is contained in:
@@ -22,7 +22,7 @@ sources:
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 11.1.8
|
||||
version: 11.2.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
|
||||
@@ -551,7 +551,6 @@ questions:
|
||||
required: true
|
||||
default: ""
|
||||
|
||||
|
||||
- variable: service
|
||||
group: "Networking and Services"
|
||||
label: "Configure Service Entrypoint"
|
||||
@@ -676,6 +675,36 @@ questions:
|
||||
schema:
|
||||
type: string
|
||||
default: "websecure"
|
||||
- variable: forwardedHeaders
|
||||
label: "Accept Forwarded Headers"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: trustedIPs
|
||||
label: "Trusted IPs"
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: trustedIPsEntry
|
||||
label: ""
|
||||
schema:
|
||||
type: ipaddr
|
||||
required: true
|
||||
default: ""
|
||||
- variable: insecureMode
|
||||
label: "Insecure Mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: websecure
|
||||
label: "websecure Entrypoints Configuration"
|
||||
schema:
|
||||
@@ -729,6 +758,36 @@ questions:
|
||||
label: "Redirect to Entrypoint"
|
||||
schema:
|
||||
type: string
|
||||
- variable: forwardedHeaders
|
||||
label: "Accept Forwarded Headers"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: trustedIPs
|
||||
label: "Trusted IPs"
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: trustedIPsEntry
|
||||
label: ""
|
||||
schema:
|
||||
type: ipaddr
|
||||
required: true
|
||||
default: ""
|
||||
- variable: insecureMode
|
||||
label: "Insecure Mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: tls
|
||||
label: "websecure Entrypoints Configuration"
|
||||
schema:
|
||||
@@ -801,6 +860,36 @@ questions:
|
||||
label: "Redirect to Entrypoint"
|
||||
schema:
|
||||
type: string
|
||||
- variable: forwardedHeaders
|
||||
label: "Accept Forwarded Headers"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: trustedIPs
|
||||
label: "Trusted IPs"
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: trustedIPsEntry
|
||||
label: ""
|
||||
schema:
|
||||
type: ipaddr
|
||||
required: true
|
||||
default: ""
|
||||
- variable: insecureMode
|
||||
label: "Insecure Mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: ingress
|
||||
label: ""
|
||||
group: "Ingress"
|
||||
|
||||
@@ -64,6 +64,16 @@ args:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $entrypoint, $config := $ports }}
|
||||
{{/* add args for forwardedHeaders support */}}
|
||||
{{- if $config.forwardedHeaders.enabled }}
|
||||
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- if $config.forwardedHeaders.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* end forwardedHeaders configuration */}}
|
||||
{{- if $config.redirectTo }}
|
||||
{{- $toPort := index $ports $config.redirectTo }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||
|
||||
@@ -146,6 +146,9 @@ service:
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Main entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
tcp:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
@@ -155,12 +158,26 @@ service:
|
||||
port: 9080
|
||||
protocol: HTTP
|
||||
redirectTo: websecure
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# Options: Empty, 0 (ingore), or positive int
|
||||
# redirectPort:
|
||||
websecure:
|
||||
enabled: true
|
||||
port: 9443
|
||||
protocol: HTTPS
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# tcpexample:
|
||||
# enabled: true
|
||||
# targetPort: 9443
|
||||
@@ -184,6 +201,9 @@ service:
|
||||
port: 9180
|
||||
targetPort: 9180
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Metrics entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
udp:
|
||||
enabled: false
|
||||
|
||||
@@ -303,7 +323,7 @@ middlewares:
|
||||
redirectRegex: []
|
||||
# - name: redirectRegexName
|
||||
# regex: putregexhere
|
||||
# replacement: replacementurlhere
|
||||
# replacement: repslacementurlhere
|
||||
# permanent: false
|
||||
stripPrefixRegex: []
|
||||
# - name: stripPrefixRegexName
|
||||
|
||||
Reference in New Issue
Block a user