Middleware for IP Whitelisting? #13663
Hi everyone, is it possible to create a custom middleware for Kourier to perform IP whitelisting? I found this code snippet online but I'm not sure if it's legit or how to integrate it. Any ideas or even someone telling me it's not possible would be appreciated. In this example, the IpFilterMiddleware function takes a list of allowed IP addresses and returns a middleware that checks the incoming request's IP address against the allowed IPs. If the incoming IP address is not in the list of allowed IPs, it will return a 403 Forbidden error. If the incoming IP address is allowed, the request will be passed on to the next middleware or handler. You can use this middleware in your Kourier configuration by adding it to the desired routes. This can be done using a Kubernetes ConfigMap and a RouteRule resource in Istio.
Replies: 1 comment 1 reply
Hi @mattnick89
Kourier is using envoy to route requests. Your example is using golang http.Handlers, so this would not work. You'd need to modify kourier to configure envoy to use the RBAC feature of envoy. You'd need to dig quite deep in the kourier implementation and rebuild the image yourself. Maybe you could also explore other options, like limiting traffic before it hits kourier (maybe something outside of your cluster)?
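For reference, a middleware of the kind the question describes, written as an added example (it is not the snippet from the original post and not Kourier code). The names `IPFilterMiddleware` and `statusFor` and the sample addresses are assumptions; as the reply says, this only applies inside a Go HTTP server you run yourself, not in Kourier's Envoy data path.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/netip"
)

// IPFilterMiddleware admits only direct peers inside the allowed CIDR prefixes
// (a single host is written "192.0.2.10/32") and answers 403 to everyone else.
func IPFilterMiddleware(allowed []string) (func(http.Handler) http.Handler, error) {
	var prefixes []netip.Prefix
	for _, s := range allowed {
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("bad allowlist entry %q: %w", s, err)
		}
		prefixes = append(prefixes, p)
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// RemoteAddr is the direct TCP peer; behind a proxy that is the proxy.
			// X-Forwarded-For is client-controlled and is not consulted here.
			if ap, err := netip.ParseAddrPort(r.RemoteAddr); err == nil {
				for _, p := range prefixes {
					if p.Contains(ap.Addr().Unmap()) { // Unmap: ::ffff:a.b.c.d -> a.b.c.d
						next.ServeHTTP(w, r)
						return
					}
				}
			}
			http.Error(w, "Forbidden", http.StatusForbidden) // unparsable peers fail closed
		})
	}, nil
}

// statusFor sends one constructed request through the filter and returns the status.
func statusFor(mw func(http.Handler) http.Handler, remoteAddr string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.RemoteAddr = remoteAddr
	rec := httptest.NewRecorder()
	mw(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	mw, _ := IPFilterMiddleware([]string{"192.0.2.10/32", "10.0.0.0/8"}) // constructed sample list
	fmt.Println(statusFor(mw, "10.1.2.3:4000"), statusFor(mw, "203.0.113.5:4000"))
}
```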