net-kingdom/sso-mfa/k8s/lldap/middleware.yaml
Bernd Worsch a375b3814d fix(sso-mfa): use ipWhiteList for Traefik v2 in LLDAP and privacyIDEA middleware
Traefik 2.10 (K3s 1.30 bundle) requires ipWhiteList, not ipAllowList.
Updated both middleware files and clarified comments to match cluster version.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 07:28:06 +00:00

26 lines
717 B
YAML

# Traefik Middleware for LLDAP web UI (namespace: sso)
#
# The LLDAP web UI is admin-only and must never be accessible from the internet.
# This middleware restricts access to VPN/office IPs.
#
# Middleware name referenced in ingress.yaml:
# sso-lldap-admin-allowlist@kubernetescrd
#
# ADJUST sourceRange to your actual VPN / office CIDR(s) before going live.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: lldap-admin-allowlist
  namespace: sso
  labels:
    app.kubernetes.io/part-of: net-kingdom-sso-mfa
    net-kingdom/component: sso
spec:
  ipWhiteList:
    # EDIT: replace with your VPN/office CIDRs.
    sourceRange:
      - "10.0.0.0/8"
      - "172.16.0.0/12"
      - "192.168.0.0/16"
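
A pre-deployment check for the `sourceRange` list above, added here as an example and not part of the net-kingdom repository. The pod and service CIDRs are assumed to be the K3s defaults, and the /16 width limit and the name `audit_source_range` are hypothetical; substitute your cluster's values.

```python
import ipaddress

# Assumption (not from the manifest): K3s default pod and service CIDRs.
CLUSTER_CIDRS = {"pod": "10.42.0.0/16", "service": "10.43.0.0/16"}
# Placeholder ranges shipped in the manifest; they cover all RFC 1918 space.
PLACEHOLDERS = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}
# Hypothetical policy: an admin allowlist entry should not be wider than a /16.
MAX_ADDRESSES = 2 ** 16


def audit_source_range(source_range, cluster_cidrs=CLUSTER_CIDRS):
    """Return a list of (entry, finding) tuples; an empty list means no findings."""
    findings = []
    for entry in source_range:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid IP or CIDR"))
            continue
        if str(net) in PLACEHOLDERS:
            findings.append((entry, "placeholder range left unchanged"))
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
        elif net.version == 4 and net.num_addresses > MAX_ADDRESSES:
            findings.append((entry, "wider than /16"))
        # A range that covers cluster addresses also admits other workloads in
        # the cluster and any request whose source was rewritten to one of them.
        for name, cidr in cluster_cidrs.items():
            other = ipaddress.ip_network(cidr)
            if net.version == other.version and net.overlaps(other):
                findings.append((entry, f"overlaps cluster {name} CIDR {cidr}"))
    return findings


if __name__ == "__main__":
    # Constructed input: the manifest's placeholder list.
    shipped = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    for entry, finding in audit_source_range(shipped):
        print(f"{entry}: {finding}")
```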