From 1359936c7e8b5998a38a00c5144bb97fd1d5e026 Mon Sep 17 00:00:00 2001 From: Tony Du Date: Sun, 16 Mar 2025 13:58:20 -0700 Subject: [PATCH] chore: Remove cloudflare-ip-header middleware --- flake.nix | 1 + .../traefik/middlewares/cloudflare-ip-header.yaml | 5 ++++- k8s/infrastructure/controllers/traefik/release.yaml | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 01fdb75..f2abbd9 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ packages = with pkgs; [ python311 opentofu + linode-cli kubectl k9s ] ++ diff --git a/k8s/infrastructure/controllers/traefik/middlewares/cloudflare-ip-header.yaml b/k8s/infrastructure/controllers/traefik/middlewares/cloudflare-ip-header.yaml index aa6a93b..97b9b7c 100644 --- a/k8s/infrastructure/controllers/traefik/middlewares/cloudflare-ip-header.yaml +++ b/k8s/infrastructure/controllers/traefik/middlewares/cloudflare-ip-header.yaml @@ -1,3 +1,4 @@ +--- apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: @@ -6,5 +7,7 @@ metadata: spec: headers: customRequestHeaders: + # This doesn't work + # TODO: Possibly use a plugin to rewrite this header? Or confirm whether + # cloudflare sends XFF header X-Forwarded-For: "{Cf-Connecting-Ip}" - diff --git a/k8s/infrastructure/controllers/traefik/release.yaml b/k8s/infrastructure/controllers/traefik/release.yaml index a888395..e4bfdc4 100644 --- a/k8s/infrastructure/controllers/traefik/release.yaml +++ b/k8s/infrastructure/controllers/traefik/release.yaml @@ -60,7 +60,7 @@ spec: websecure: middlewares: - traefik-bouncer@kubernetescrd - - traefik-cloudflare-ip-header@kubernetescrd + # - traefik-cloudflare-ip-header@kubernetescrd trustedIPs: # https://www.cloudflare.com/ips-v4/# - 173.245.48.0/20