From 43611dfa76e3b59ff6a667fd6b15cf7ad09dc488 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Sun, 13 Nov 2022 13:03:07 +0200 Subject: [PATCH] feat(traefik): add geoblock middleware (#4396) * feat(traefik): add geoblock middleware * add the required args * add UI * fix indentaiton --- .../updateTraefikMiddlewareVersions.sh | 4 + charts/stable/traefik/Chart.yaml | 2 +- charts/stable/traefik/questions.yaml | 1 + charts/stable/traefik/templates/_args.tpl | 6 ++ .../templates/middlewares/geoblock.yaml | 34 +++++++ charts/stable/traefik/values.yaml | 16 +++ .../questions/traefik/geoBlockMiddleware.yaml | 99 +++++++++++++++++++ 7 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 charts/stable/traefik/templates/middlewares/geoblock.yaml create mode 100644 templates/questions/traefik/geoBlockMiddleware.yaml diff --git a/.github/scripts/updateTraefikMiddlewareVersions.sh b/.github/scripts/updateTraefikMiddlewareVersions.sh index 69bf89a87f2..5b60b8aca3f 100755 --- a/.github/scripts/updateTraefikMiddlewareVersions.sh +++ b/.github/scripts/updateTraefikMiddlewareVersions.sh @@ -42,8 +42,12 @@ update_plugin() { } # Example # update_plugin "repo" "key_holding_version_in_values.yaml" "plugin_name_used_for_verbose_printing_only" + # Real IP update_plugin "soulbalz/traefik-real-ip" "realIPVersion" "RealIP" # Theme Park update_plugin "packruler/traefik-themepark" "themeParkVersion" "ThemePark" + +# GeoBlock +update_plugin "PascalMinder/geoblock" "geoBlockVersion" "GeoBlock" diff --git a/charts/stable/traefik/Chart.yaml b/charts/stable/traefik/Chart.yaml index db7d76b8db9..2763f4d899e 100644 --- a/charts/stable/traefik/Chart.yaml +++ b/charts/stable/traefik/Chart.yaml @@ -23,7 +23,7 @@ sources: - https://github.com/traefik/traefik-helm-chart - https://traefik.io/ type: application -version: 15.0.1 +version: 15.1.0 annotations: truecharts.org/catagories: | - network 
diff --git a/charts/stable/traefik/questions.yaml b/charts/stable/traefik/questions.yaml index aca7fd43366..6ec38db9503 100644 --- a/charts/stable/traefik/questions.yaml +++ b/charts/stable/traefik/questions.yaml @@ -182,6 +182,7 @@ questions: # Include{ipWhitelistMiddleware} # Include{themeParkMiddleware} # Include{realIPMiddleware} +# Include{geoBlockMiddleware} # Include{addPrefixMiddleware} - variable: service group: "Networking and Services" diff --git a/charts/stable/traefik/templates/_args.tpl b/charts/stable/traefik/templates/_args.tpl index 68a0c916ce1..98cc63897b9 100644 --- a/charts/stable/traefik/templates/_args.tpl +++ b/charts/stable/traefik/templates/_args.tpl @@ -158,6 +158,12 @@ args: - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}" {{- end }} {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}" + {{- end }} + {{/* End of GeoBlock */}} {{/* RealIP */}} {{- if .Values.middlewares.realIP }} - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip" diff --git a/charts/stable/traefik/templates/middlewares/geoblock.yaml b/charts/stable/traefik/templates/middlewares/geoblock.yaml new file mode 100644 index 00000000000..1f0fb752769 --- /dev/null +++ b/charts/stable/traefik/templates/middlewares/geoblock.yaml 
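Review bot: The GeoBlock branch added to `_args.tpl` makes Traefik load third-party plugin code into the ingress proxy, yet the template neither says so nor checks that a version is set. If a values override drops `geoBlockVersion`, the second argument renders as `--experimental.plugins.GeoBlock.version=`. Rendering it as `{{ required "middlewares.geoBlockVersion must be set when geoBlock is configured" .Values.middlewares.geoBlockVersion }}` would fail the render instead. I would also add a comment such as `{{/* third-party plugin; the version is a tag bumped by .github/scripts/updateTraefikMiddlewareVersions.sh, review upstream changes before release */}}`. The enclosing `args:` block starts and ends outside the hunk.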
@@ -0,0 +1,34 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ plugin:
+ GeoBlock:
+ allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
+ logLocalRequests: {{ $middlewareData.logLocalRequests }}
+ logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
+ logApiRequests: {{ $middlewareData.logApiRequests }}
+ api: {{ $middlewareData.api }}
+ apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
+ cacheSize: {{ $middlewareData.cacheSize }}
+ forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
+ allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
+ unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
+ {{- if not $middlewareData.countries }}
+ {{- fail "You have to define at least one country..." }}
+ {{- end }}
+ countries:
+ {{- range $middlewareData.countries }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
diff --git a/charts/stable/traefik/values.yaml b/charts/stable/traefik/values.yaml
index 26d7da06f0b..a85f8b10ab9 100644
--- a/charts/stable/traefik/values.yaml
+++ b/charts/stable/traefik/values.yaml
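Review bot: Every templated scalar in this manifest is emitted unquoted, and the one that matters most is `- {{ . }}` in the `countries` loop. A bare `NO` (Norway) is read as boolean false by YAML 1.1 parsers, so the rendered list may not contain the country code the operator entered. `name`, `api` and `unknownCountryApiResponse` are free strings taken from values and are equally exposed to empty or special-character input changing the parsed manifest. Quote the string fields, e.g. `- {{ . | quote }}`, `api: {{ $middlewareData.api | quote }}` and `name: {{ $middlewareData.name | quote }}`. The boolean and integer fields can stay bare, but a hand-written values entry that omits one renders it as null, so failing the render for missing keys, as is already done for `countries`, would be safer.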
@@ -376,6 +376,22 @@ middlewares: addPrefix: [] # - name: addPrefixName # prefix: "/foo" + geoBlockVersion: v0.2.3 + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # countries: + # - RU portalhook: enabled: true diff --git a/templates/questions/traefik/geoBlockMiddleware.yaml b/templates/questions/traefik/geoBlockMiddleware.yaml new file mode 100644 index 00000000000..0a73307c918 --- /dev/null +++ b/templates/questions/traefik/geoBlockMiddleware.yaml 
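Review bot: The commented example lists `- RU` under `countries` with no explanation, which reads as a block-list. The description added in templates/questions/traefik/geoBlockMiddleware.yaml says these are the codes from which connections "should be allowed", and that same file labels the field `Blocked Countries` / `Blocked Country`. If the plugin treats the list as an allow-list, as that description states, an operator who enters the countries they want to block ends up admitting only those. I would settle the wording in both places: add `# countries: allow-list of 2-letter codes; requests from any other country are rejected` above the example here, and change the labels to `Allowed Countries` / `Allowed Country`. This should be confirmed against the plugin's README before merging.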
@@ -0,0 +1,99 @@
+ - variable: geoBlock
+ label: GeoBlock
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: geoBlockEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to geoblock
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: allowLocalRequests
+ label: Allow Local Requests
+ description: If set to true, will not block request from Private IP Ranges
+ schema:
+ type: boolean
+ default: true
+ - variable: logLocalRequests
+ label: Log Local Requests
+ description: If set to true, will log every connection from any IP in the private IP range
+ schema:
+ type: boolean
+ default: false
+ - variable: logAllowedRequests
+ label: Log Allowed Requests
+ description: If set to true, will show a log message with the IP and the country of origin if a request is allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: logApiRequests
+ label: Log API Requests
+ description: If set to true, will show a log message for every API hit.
+ schema:
+ type: boolean
+ default: false
+ - variable: api
+ label: API
+ description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL.
+ schema:
+ type: string
+ required: true
+ default: https://get.geojs.io/v1/ip/country/{ip}
+ - variable: apiTimeoutMs
+ label: API Timeout in ms
+ description: Timeout for the call to the api uri.
+ schema:
+ type: int
+ required: true
+ default: 500
+ - variable: cacheSize
+ label: Cache Size
+ description: Defines the max size of the LRU (least recently used) cache.
+ schema:
+ type: int
+ required: true
+ default: 25
+ - variable: forceMonthlyUpdate
+ label: Force Monthly Update
+ description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month.
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUnknownCountries
+ label: Allow Unknown Countries
+ description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: unknownCountryApiResponse
+ label: Unknown Countries API Response
+ description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested.
+ schema:
+ type: string
+ required: true
+ default: nil
+ - variable: countries
+ label: Blocked Countries
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: blockedCountryEntry
+ label: Blocked Country
+ description: Country codes (2 characters) from which connections to the service should be allowed.
+ schema:
+ type: string
+ required: true
+ # Allow only 2 Characters
+ valid_chars: '^[a-zA-Z]{2}$'
+ default: ""
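Review bot: The `api` question accepts any string, so the lookup that decides whether a client is admitted can be pointed at a plain `http://` URL, where the answer is neither confidential nor protected from tampering in transit. A pattern on the field, in the style already used for the country code, would close that: `valid_chars: '^https://.+'`. If plain HTTP has to stay possible, for example for an in-cluster resolver, the description should say why. The description also omits that client IPs are sent to this endpoint, which by default is an external service. I would append `Client IPs are sent to this URL for lookup.` to it.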