Adds middlewares examples for k8s.

2019-04-03 14:32:04 +02:00 · 2019-04-03 14:32:04 +02:00 · 07d0eb9ae6
commit 07d0eb9ae6
parent 336135c392
16 changed files with 552 additions and 261 deletions
--- a/docs/content/middlewares/ipwhitelist.md
+++ b/docs/content/middlewares/ipwhitelist.md
@ -12,7 +12,19 @@ IPWhitelist accepts / refuses requests based on the client IP.
 ```yaml tab="Docker"
 # Accepts request from defined IP
 labels:
- "traefik.http.middlewares.Middleware9.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipwhitelist
+spec:
+  ipWhiteList:
+    sourceRange:
+    - 127.0.0.1/32
+    - 192.168.1.7
 ```

 ```toml tab="File"
@ -24,19 +36,19 @@ labels:

 ## Configuration Options

-### sourceRange
+### `sourceRange`

 The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs).

-### ipStrategy
+### `ipStrategy`

 The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.

-#### ipStrategy.depth 
+#### `ipStrategy.depth`

 The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).

-!!! note "Examples of Depth & X-Forwaded-For"
+!!! note "Examples of Depth & X-Forwarded-For"

    If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting would be `"12.0.0.1"` (`depth=2`).
    
@ -47,10 +59,31 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
        | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
        | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
        | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
-
-??? example "File -- Whitelisting Based on `X-Forwarded-For` with `depth=2`"
-
-    ```toml
+    
+    ```yaml tab="Docker"
+    # Whitelisting Based on `X-Forwarded-For` with `depth=2`
+    labels:
+        - "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
+    ```
+    
+    ```yaml tab="Kubernetes"
+    # Whitelisting Based on `X-Forwarded-For` with `depth=2`
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware
+    metadata:
+      name: testIPwhitelist
+    spec:
+      ipWhiteList:
+        SourceRange:
+        - 127.0.0.1/32
+        - 192.168.1.7
+        ipstrategy:
+          depth: 2
+    ```
+    
+    ```toml tab="File"
+    # Whitelisting Based on `X-Forwarded-For` with `depth=2`
    [http.middlewares]
      [http.middlewares.test-ipwhitelist.ipWhiteList]
        sourceRange = ["127.0.0.1/32", "192.168.1.7"]
@ -58,26 +91,16 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
            depth = 2
    ```

-??? example "Docker -- Whitelisting Based on `X-Forwarded-For` with `depth=2`"
-
-    ```yml
-     a-container:
-        image: a-container-image 
-            labels:
-                - "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
-                - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
-    ```
-
 !!! note

    - If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
    - `depth` is ignored if its value is is lesser than or equal to 0.

-#### ipStrategy.excludedIPs
+#### `ipStrategy.excludedIPs`

 `excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.

-!!! note "Examples of ExcludedIPs & X-Forwaded-For"
+!!! note "Examples of ExcludedIPs & X-Forwarded-For"

    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
    |-----------------------------------------|-----------------------|--------------|
@ -90,20 +113,30 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 !!! important
    If `depth` is specified, `excludedIPs` is ignored.

-??? example "File -- Exclude from `X-Forwarded-For`"
+```yaml tab="Docker"
+# Exclude from `X-Forwarded-For`
+labels:
+    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
+```

-    ```toml
-    [http.middlewares]
-      [http.middlewares.test-ipwhitelist.ipWhiteList]
-        [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
-          excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
-    ```
+```yaml tab="Kubernetes"
+# Exclude from `X-Forwarded-For`
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipwhitelist
+spec:
+  ipWhiteList:
+    ipstrategy:
+      excludedIPs:
+      - 127.0.0.1/32
+      - 192.168.1.7
+```

-??? example "Docker -- Exclude from `X-Forwarded-For`"
-
-    ```yml
-     a-container:
-        image: a-container-image 
-            labels:
-                - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
-    ```
+```toml tab="File"
+# Exclude from `X-Forwarded-For`
+[http.middlewares]
+  [http.middlewares.test-ipwhitelist.ipWhiteList]
+    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
+      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
+```