Network Policy whitelist IP

12/10/2018

I'm using Kubernetes on IBM Cloud and I'm trying to create a whitelist policy to be applied to the ingress.

I have installed Calico to create Kubernetes policies: https://console.bluemix.net/docs/containers/cs_network_policy.html#network_policies

and followed this tutorial: https://console.bluemix.net/docs/containers/cs_tutorials_policies.html#lesson2

I have also enabled the preservation of the IP source: https://console.bluemix.net/docs/containers/cs_ingress.html#preserve_source_ip

When the policy is applied directly to the loadbalancer it works well, but when it is applied to the ingress it doesn't work.

The reason is that the incoming IP address is mapped to the internal IP address of the ingress.

For this reason, the loadbalancer doesn't recognize the IP as an allowed one (because the IP address of the ingress is not in the whitelist) and the connection is blocked.

Below you can find the schema of the scenario: [image]

How can I solve this issue?

-- Leonardo Carraro
ibm-cloud
kubernetes
kubernetes-ingress
project-calico

0 Answers