Network Policy whitelist IP


I'm using Kubernets on IBM Cloud and I'm trying to create a whitelist policy to be applied to the ingress.

I have installed calico to create kubernetes policies

and followed this tutorial

I have also enabled the preservation of the IP source:

When the policy is applied directly to the loadbalancer it works well, instead when is applied to the ingress it doesn't work.

The reason is that the incoming IP address is mapped to the internal IP address of the ingress.

For this reason, the loadbalancer doesn't recognize the IP as an allowed one ( because the IP address of the ingress is not in the whitelist) and the connection is blocked.

Below you can find the schema of the scenario: enter image description here

How can I solve this issue?

-- Leonardo Carraro

0 Answers