Hello!
I recently bit the bullet and started migrating my old quickstart setup to my existing k3s cluster. As of now, after some trial and error, all basic functionality seems to be working, which is great!
The question is related to setting up some basic access control on the management API. I have it enabled and it is accessible and works, using Traefik. I want to limit it to local connections only, so I want to apply a traefik ipallowlist middleware.
A quick inspection of the helm chart shows that, while I can’t directly set middleware or other config in it, it appears to have a field for labels (managementApi.traefikTcpRoute.labels) but it appears to be an object ({}) instead of the expected list of strings ([]). Based on Traefik docs ( Traefik HTTP Middlewares IPAllowList - Traefik ), if I manage to get something like traefik.http.middlewares.ziti-ipallowlist.ipallowlist.sourcerange="127.0.0.1/32,192.168.42.0/24" into there, it may work.
It’s likely to just be my inexperience showing, but after messing around with it I’m still not sure how I should be putting this in. Everything I’m seeing implies that labels are generally just strings, so I’m probably missing something obvious.
Is there another way to do this? Any pointers or advice would be great!
EDIT: To elaborate, I also tried various key/value pairs in there but the key is limited to 63 chars and the value seems to have some sort of validation regex that rejects the commas, quotes, and some other stuff, so that doesn’t work too.
EDIT2: Now that I think about it, I could probably just not use the ingressroutetcp provided by the Helm chart and make my own. Even if I do that, though, I’d like to figure out what’s meant to go in the labels object anyways, for future reference!