Hello there!
I have been trying out a few auth proxies for Traefik but so far, none of them actually implemented whitelisting IP CIDRs.
Essentially, my Kubernetes cluster runs at home and is exposed publicly. When I am at home, I would like to be able to use most of my services without needing to go through the login flow. But when I am away, or share access by creating users in Keycloak, I would like them to need to authenticate. Effectively, I want to whitelist my home network's CIDR, and enforce auth everywhere else.
Traefik is configured to receive the real request IP (with hostNetwork and an appropriate dnsPolicy and whatnot). So all that I need now is the ability to use that to figure out if it matches my home network's CIDR or not.
Is that possible?
Thanks and kind regards,
Ingwie
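
The decision described in the post above, sketched as an added example that is not part of the original post and is not code from Traefik or any auth proxy. It assumes the proxy passes the client chain in `X-Forwarded-For`; the CIDRs, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed values: replace with the real home network and the
# network the reverse proxy connects from.
HOME_CIDRS = [ipaddress.ip_network("192.168.1.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.42.0.0/16")]


def parse(text):
    """Parse one hop; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return getattr(addr, "ipv4_mapped", None) or addr


def client_ip(peer, xff=None):
    """Return the first hop, read right to left, that is not a trusted proxy.

    Entries to the left of that hop are client-supplied and ignored.
    If the TCP peer itself is not a trusted proxy, the header is never
    consulted. Unparseable input yields None (caller must fail closed).
    """
    hops = [h for h in (xff or "").split(",") if h.strip()] + [peer]
    for hop in reversed(hops):
        addr = parse(hop)
        if addr is None:
            return None
        if not any(addr in net for net in TRUSTED_PROXIES):
            return addr
    return None


def decide(peer, xff=None):
    """'bypass' only for a verified home address, else 'authenticate'."""
    addr = client_ip(peer, xff)
    if addr is not None and any(addr in net for net in HOME_CIDRS):
        return "bypass"
    return "authenticate"
```

The default is to require authentication: a missing, malformed or spoofed header never widens access.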