fix(sso-mfa): use ipWhiteList for Traefik v2 in LLDAP and privacyIDEA middleware

Traefik 2.10 (K3s 1.30 bundle) requires ipWhiteList, not ipAllowList. Updated both middleware files and clarified comments to match cluster version. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 07:28:06 +00:00
parent 6d25d088d7
commit a375b3814d
2 changed files with 4 additions and 4 deletions
--- a/sso-mfa/k8s/lldap/middleware.yaml
+++ b/sso-mfa/k8s/lldap/middleware.yaml
@@ -17,7 +17,7 @@ metadata:
    app.kubernetes.io/part-of: net-kingdom-sso-mfa
    net-kingdom/component: sso
 spec:
-  ipAllowList:
+  ipWhiteList:
    # EDIT: replace with your VPN/office CIDRs.
    sourceRange:
      - "10.0.0.0/8"
--- a/sso-mfa/k8s/privacyidea/middleware.yaml
+++ b/sso-mfa/k8s/privacyidea/middleware.yaml
@@ -36,8 +36,8 @@ spec:
 # ADJUST sourceRange to your actual VPN / office CIDR(s) before going live.
 # Leaving RFC-1918 ranges here is only a dev/staging default.
 #
-# Traefik v3 uses ipAllowList; Traefik v2 uses ipWhiteList.
-# Check your Traefik version and update accordingly.
+# Traefik v2 uses ipWhiteList; Traefik v3 uses ipAllowList.
+# This cluster runs Traefik 2.10 (K3s 1.30 bundle) — ipWhiteList required.
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -47,7 +47,7 @@ metadata:
    app.kubernetes.io/part-of: net-kingdom-sso-mfa
    net-kingdom/component: mfa
 spec:
-  ipAllowList:
+  ipWhiteList:
    # EDIT: replace with your VPN/office CIDRs (see CONFIG.md for the pattern).
    # Example VPN: "10.8.0.0/24"
    sourceRange: