Comments (3)
Hi Patrick
Just to make this feature request more generic, here we want to:
- "allow" or "deny" traffic based on source IP address
- provide the list of IPs
- apply this matching either to the source IP address of the TCP connection or in any HTTP header provided by configuration
I do propose the following annotations:
ip-list
: name of a configmap where a list of IP can be foundip-list-action
: action to be perfomed: either 'allow' or 'deny'ip-list-header
: (optional) name of the HTTP header where to find the source IP address. Default is to be use the source IP from the TCP client connection
the ip-list
configmap should look like:
data:
ip-list:
- a.b.c.d
- e.f.g.h
The idea behind the config map is that we can use the list of IPs for multiple ingresses / controllers and also we can watch it and once updated, the controller can replicate the change in HAProxy at runtime (when the client-native lib will support this)
With this, we should be able to meet your needs and many other use cases.
from kubernetes-ingress.
That would be perfect, two things I forgot to specify though :
- I need to specify IP ranges (
a.b.c.d/24
for example ); - I need to specify both IPv4 & IPv6 IP addresses.
from kubernetes-ingress.
both will be supported out of the box.
I wonder one thing, I don't like the naming propositon: ip-list
but would like to rename it to filter
or filtering
. What do you think? It is closer to what it does exactly
from kubernetes-ingress.
Related Issues (20)
- haproxy ingress forward request to service based on header check HOT 2
- Order in path type HOT 1
- Annotation haproxy.org/route-acl disrupts path resolution when we have many paths for a domain HOT 3
- --http-bind-port=80 does not work. binds on 8080 HOT 12
- support for blue green deployments using weights based on headers or cookies HOT 1
- Tcp log format release HOT 1
- File transmission reset every one minute. HOT 5
- Backend maxconn config not working properly when running multiple ingress controllers HOT 1
- Falls back to HTTP-over-443 if the ConfigMap specified through --configmap is missing (even with --disable-http option) HOT 5
- Global option `tune_ssl_default_dh_param` has no effect HOT 3
- Not able to add `send-proxy` option to a TCP service HOT 2
- In TCP service sometime we get client_ip as an internal ip how can we get an external ip in tcp log HOT 5
- default-local-service_http error setting check: true on cr-backend HOT 5
- Default certificate does not exist HOT 6
- Configure accept-proxy HOT 4
- ingress with wildcard and ssl-passthrough take always precedence over https subdomain HOT 6
- Inconsitent balancing HOT 11
- --ipv6-bind-address causes 'bind' missing port specification in HOT 3
- Latest versions of each HAProxy release are not available in ingress HOT 3
- binding to privileged port fail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress.