Merge pull request #990 from aleksasiriski/trusted-ips

Traefik Trusted IPs
kube-hetzner · Sep 22, 2023 · 33f2730 · 33f2730
2 parents 49d0799 + 5aa2d5f
commit 33f2730
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/locals.tf b/locals.tf
@@ -503,19 +503,31 @@ ports:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
     forwardedHeaders:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
   websecure:
     proxyProtocol:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
     forwardedHeaders:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
 %{endif~}
 %{if var.traefik_additional_ports != ""~}
 %{for option in var.traefik_additional_ports~}
@@ -529,10 +541,16 @@ ports:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
     forwardedHeaders:
       trustedIPs:
         - 127.0.0.1/32
         - 10.0.0.0/8
+%{for ip in var.traefik_additional_trusted_ips~}
+        - "${ip}"
+%{endfor~}
 %{endif~}
 %{endfor~}
 %{endif~}
@@ -543,11 +561,9 @@ podDisruptionBudget:
 %{endif~}
 additionalArguments:
   - "--entrypoints.tcp=true"
-%{if var.traefik_additional_options != ""~}
 %{for option in var.traefik_additional_options~}
   - "${option}"
 %{endfor~}
-%{endif~}
 %{if var.traefik_resource_limits~}
 resources:
   requests:

diff --git a/variables.tf b/variables.tf
@@ -345,6 +345,12 @@ variable "traefik_additional_options" {
   description = "Additional options to pass to Traefik as a list of strings. These are the ones that go into the additionalArguments section of the Traefik helm values file."
 }
 
+variable "traefik_additional_trusted_ips" {
+  type        = list(string)
+  default     = []
+  description = "Additional Trusted IPs to pass to Traefik. These are the ones that go into the trustedIPs section of the Traefik helm values file."
+}
+
 variable "traefik_values" {
   type        = string
   default     = ""