Can we set priority for the middlewares in traefik v2?

6/18/2019

Using the v1.7.9 in kubernetes I'm facing this issue:

if I set a rate limit (traefik.ingress.kubernetes.io/rate-limit) and custom response headers (traefik.ingress.kubernetes.io/custom-response-headers) then when a request gets rate limited, the custom headers won't be set. I guess it's because of some ordering/priority among these plugins. And I totally agree that reaching the rate-limit should return the response as soon as is possible, but it would be nice, if we could modify the priorities if we need.

The question therefore is: will we be able to set priorities for the middlewares?

I couldn't find any clue of it in the docs nor among the github issues.

Concrete use-case:

I want CORS-policy headers to always be set, even if the rate-limiting kicked in. I want this because my SPA won't get the response object otherwise, because the browser won't allow it:

Access to XMLHttpRequest at 'https://api.example.com/api/v1/resource' from origin 'https://cors.exmaple.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In this case it would be a fine solution if i could just set the priority of the headers middleware higher than the rate limit middleware.

-- smatyas
kubernetes
traefik
traefik-ingress

3 Answers

8/31/2019

In the v2, the middlewares can ordered in the order you want, you can put the same type of middleware several times with different configurations on the same route.

https://docs.traefik.io/v2.0/middlewares/overview/

-- ldez
Source: StackOverflow

6/19/2019

Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

1. Try while testing on you local machine, replaced localhost with your local IP. You had to achieve CORS by the following line of code request.withCredentials = true; where request is the instance of XMLHttpRequest. CORS headers has to be added to the backend server to allow cross origin access.

2. You could just write your own script which will be responsible for executing rate limit middleware after headers middleware.

-- MaggieO
Source: StackOverflow

9/2/2019

For future reference, a working example that demonstrates such an ordering is here:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ratelimit
spec:
  rateLimit:
      average: 100
      burst: 50
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: response-header
spec:
  headers:
    customResponseHeaders:
      X-Custom-Response-Header: "value"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute
spec:
# more fields...
  routes:
    # more fields...
    middlewares: # the middlewares will be called in this order
    - name: response-header
    - name: ratelimit

I asked the same question on the Containous' community forum: https://community.containo.us/t/can-we-set-priority-for-the-middlewares-in-v2/1326

-- smatyas
Source: StackOverflow