roger/k3s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: roger:ec947bd58a6812e874ee999b88d888134f930f63
Branches Tags
roger:main
...
compare: roger:da2bae6fa5d6a94e2994e42cf92ec12f9be95629
Branches Tags
roger:main

2 Commits
ec947bd58a ... da2bae6fa5

Author SHA1 Message Date
Roger Oriol
da2bae6fa5 Merge branch 'main' of https://git.rogi.casa/roger/k3s-cluster 2026-06-26 12:01:29 +02:00
Roger Oriol
e77e170421 fix(homeassistant): trust k3s pod/service CIDRs as X-Forwarded-For proxies 
HA runs with hostNetwork on roger-nucbox-evo-x2 while Traefik runs on the
raspberrypi node, so requests arrive at HA from 10.88.20.11. The previous
trusted_proxies entry (10.88.88.0/24) did not include this address, causing
HA to reject X-Forwarded-For and return 400 on every ingress request.
 2026-06-26 11:58:46 +02:00
1 changed files with 3 additions and 1 deletions
Expand all files Collapse all files

4
homeassistant/homeassistant.yaml
View File

@@ -32,7 +32,9 @@ data:
http: http:
use_x_forwarded_for: true use_x_forwarded_for: true
trusted_proxies: trusted_proxies:
- 10.88.88.0/24 - 10.42.0.0/16 # k3s pod CIDR (Traefik pod lives here)
- 10.43.0.0/16 # k3s service CIDR
- 10.88.20.0/24 # node subnet (Traefik runs hostNetwork-ish, forwards from 10.88.20.11)
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment