roger/k3s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(homeassistant): trust k3s pod/service CIDRs as X-Forwarded-For proxies

Browse Source 
HA runs with hostNetwork on roger-nucbox-evo-x2 while Traefik runs on the
raspberrypi node, so requests arrive at HA from 10.88.20.11. The previous
trusted_proxies entry (10.88.88.0/24) did not include this address, causing
HA to reject X-Forwarded-For and return 400 on every ingress request.
This commit is contained in:
Roger Oriol
2026-06-26 11:58:46 +02:00
parent ab6b5dc407
commit e77e170421
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
homeassistant/homeassistant.yaml
View File

@@ -32,7 +32,9 @@ data:
http: http:
use_x_forwarded_for: true use_x_forwarded_for: true
trusted_proxies: trusted_proxies:
- 10.88.88.0/24 - 10.42.0.0/16 # k3s pod CIDR (Traefik pod lives here)
- 10.43.0.0/16 # k3s service CIDR
- 10.88.20.0/24 # node subnet (Traefik runs hostNetwork-ish, forwards from 10.88.20.11)
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment