IP whitelisting in Google Container Engine with Ingress not working

11/29/2017

I am trying to whitelist IPs that can access my application. I created http-balancer by following this tutorial. https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer

After creating the service with NodePort, I created an ingress.yaml file that looks like the one below. I have created a global static IP and set up a domain name.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: <global-static-ip>
spec:
  rules:
  - host: <domain_name>
  - http:
      paths:
      - path: /*
        backend:
            serviceName: nginx
            servicePort: 80

The above YAML file works fine and I am able to access the "Welcome to Nginx" page.

But when I add the IPs to be whitelisted it does not seem to work and still allows other IPs that are not whitelisted.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: <global-static-ip>
    ingress.kubernetes.io/whitelist-source-range: "xx.xx.xx.xxx/32"
spec:
  rules:
  - host: <domain_name>
  - http:
      paths:
      - path: /*
        backend:
            serviceName: nginx
            servicePort: 80

Reference: http://container-solutions.com/kubernetes-quick-tip/ https://docs.giantswarm.io/guides/advanced-ingress-configuration/

-- akilesh raj
kubernetes
whitelist

2 Answers

12/23/2017

The references you provided use the Nginx-based ingress controller.

Ingress on GKE uses the HTTP(S) load balancer. Currently, the HTTP(S) load balancer on GCP does not support firewall rules to allow or deny traffic by IP.

You can:

Block the source IP in the web server or application yourself.

Or

Try to install the nginx-based ingress controller.

-- Bear Su
Source: StackOverflow
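
For the first option in the answer above (blocking in the application), the following is an added example, not code from the answer or from GKE. It assumes the load balancer appends `<client-ip>, <load-balancer-ip>` to `X-Forwarded-For`, so the address to check is the second-to-last entry and anything earlier in the header is client-supplied; the networks and addresses are constructed samples.

```python
import ipaddress

# Constructed sample allowlist (documentation ranges, not real clients).
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("203.0.113.7/32", "198.51.100.0/24")
]

# Assumption: the load balancer appends exactly two entries to
# X-Forwarded-For: "<client-ip>, <load-balancer-ip>". Everything before
# those two entries was sent by the client and must not be trusted.
TRUSTED_HOPS = 2


def client_ip_from_xff(header_value, trusted_hops=TRUSTED_HOPS):
    """Return the address the load balancer saw, or None if unusable."""
    if not header_value:
        return None
    parts = [p.strip() for p in header_value.split(",")]
    if len(parts) < trusted_hops:
        return None
    try:
        # Count from the right: the left side is attacker-controlled.
        return ipaddress.ip_address(parts[-trusted_hops])
    except ValueError:
        return None


def is_allowed(header_value, networks=ALLOWED_NETWORKS):
    """Fail closed: a missing or malformed header is denied."""
    ip = client_ip_from_xff(header_value)
    if ip is None:
        return False
    return any(ip in net for net in networks)


if __name__ == "__main__":
    # Constructed headers: 192.0.2.10 stands in for the load balancer IP.
    samples = [
        "203.0.113.7, 192.0.2.10",              # allowlisted client
        "203.0.113.7, 192.0.2.55, 192.0.2.10",  # forged first entry
        "not-an-ip, 192.0.2.10",                # malformed client entry
    ]
    for header in samples:
        print(f"{header!r:45} -> {'allow' if is_allowed(header) else 'deny'}")
```

The check is only meaningful when the backend accepts traffic solely from the load balancer; a client that can reach the NodePort directly can forge the whole header.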

4/17/2018

I have not worked with Ingress, but as per normal nginx rules you need to deny all and then allow the whitelisted IPs.

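```
location / {
    # Access rules are checked in order and the first match wins,
    # so every allow must come before "deny all".
    allow xx.xx.xx.xxx/32;
    allow xx.xx.xx.xxx/32;
    deny all;
    proxy_pass https://xxx.xx.xx.xx:8080;
}
```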

Which in turn won't allow your non-whitelisted IPs.

-- Vincent Praveen
Source: StackOverflow