K
Q

Customizing vhost config with nginx/traefik ingress controllers

9/30/2018

I have a service that serves several /locations. I would like to make a single location /how/very/special reachable by any IP while keeping every other /location accessible only to a list of trusted IPs (which is trivial to do when you can

What is the best-practice way to achieve this via traefik or ingress controllers? Is a sidecar nginx the only way to add this logic?

-- strzelecki.maciek
kubernetes
kubernetes-ingress
nginx-ingress
traefik

Similar Questions

Is it possible to merge multiple ingresses with the IBM Cloud Kubernetes Service?
How to access Logs of Pods in Kubernetes after its deletion
There is an error in the value of the log outputted int
What's the difference between Kubernetes and Kubernetes Engine?
kubernetes preStop gracefull shutdown timeout without hook
restrict unauthorized login in openshift
Can't read configMap with name: [my-configmap] in namespace:[my-namespace]. Ignoring
odoo in k8s: Odoo pod running then crashing

1 Answer

10/1/2018

You can achieve that by using Nginx ingress controller in Kubernetes as standing in documentation https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#user-content-whitelist-source-range

You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation. The value is a comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.

To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.

!!! note Adding an annotation to an Ingress rule overrides any global restriction.

So as default you should put your trusted IP CIDRS in Nginx ConfigMap and override that rule only for /how/very/special by setting CIDR to 0.0.0.0/0

-- Jakub Bujny
Source: StackOverflow