Wondering how to whitelist IPs Using Traefik Ingress? Our in-house experts are here to help you out with this article. Our server management services is here to offer a lending hand with your queries and issues.

Whitelist IPs Using Traefik Ingress

Traefik is an open-source most popular ingress controller which is used to expose the services to the internet.

It receives the request and finds the service from where the request will serve.

Traefik is natively compliant with every major cluster technology.

Today, let us see the steps followed by our support techs to whitelist IPs.

Create A Deployment

Now first we will create a Deployment object with a simple web application image.

We will deploy in a namespace called traefik you can deploy it on the default namespace.

To create a namespace use the below command

$ kubectl create namespace <namespace_name>

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: my-app
  namespace: traefik
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: my-app
  replicas: 1 
  template: 
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: ahmad33/maintenance:1.02
        ports:
        - containerPort: 80

Now first deploy the deployment using kubectl command:

$ kubectl create -f <deployment-file-name>

Create a Service For Deployment

Now we will create a service that is used by traefik ingress controller for serving my web application.

apiVersion: v1
kind: Service
metadata:
  name: my-app-service
  namespace: traefik
  labels:
    app: my-app
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: my-app
  type: ClusterIP

Now create service using kubectl command:

$ kubectl create -f <service-file-name>

Create a Middleware Object

So for whitelisting IPs we will use Kubernetes middleware object in which we will define SourceRange IPs for whitelist.

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ipwhitelist
  namespace: traefik
spec:
  ipWhiteList:
    sourceRange:
       - 192.168.43.203
       - 172.28.0.1/32

Use Kubectl Command to create middleware based on the above config:

$ kubectl create -f <middleware-file-name>

Create Ingress Object

Now we will create a Kubernetes ingress object in which we will add two annotations, the first is the ingress class that will be traefik and the second one will be for Middleware that we have created.

Also, we will define some routing rules for our service.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ip-whitelist
  namespace: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: traefik-test-ipwhitelist@kubernetescrd
spec:
  rules:
    - host: test.whitelist.com
      http:
        paths:
           - path: /
             pathType: Prefix
             backend:
                  service:
                     name: nginx
                     port:
                       number: 80

Now create the ingress object using kubectl command:

$ kubectl create -f <ingress-file-name>

wait for the address, and map IP addresses to URLs in the /etc/hosts file.

Now go to your browser and hit your domain. By changing IPs in the middleware object under the SourceRange section you can test.

[Looking for a solution to another query? We’re here to help.]

Conclusion

In conclusion, our Support Engineers showed us steps to whitelist IPs Using Traefik Ingress. Drop us a line in the comments if you face any trouble.