AKS: IP whitelisting (ingress)

5/17/2019

I am trying to whitelist IP(s) on the ingress in AKS. I am currently using ingress-nginx, not installed with Helm.

The mandatory Kubernetes resources can be found here.

The service is started as:

spec:
  externalTrafficPolicy: Local

Full yaml here

My ingress definition is:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  # namespace: ingress-nginx
  annotations:
    ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: "xxx.xxx.xxx.xxx"
spec:
  rules:
  - http:
      paths:
      - path: /xx-xx
        backend:
          serviceName: xx-xx
          servicePort: 8080
      - path: /xx
        backend:
          serviceName: /xx
          servicePort: 5432

The IP whitelisting is not enforced. Am I doing something wrong?

-- Segmented
azure-aks
kubernetes

1 Answer

5/17/2019

After a lot of digging around, I found that the problem is caused by this bug in NATing, defined here, and there is a quick Medium read here.

Hope this solves problems for future readers or helps track the bug.

-- Segmented
Source: StackOverflow
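
A diagnostic for the symptom in this thread, as an added example that is not part of the original question or answer: it reads ingress-nginx access-log lines and compares the source address the controller recorded with the `whitelist-source-range` value. It assumes the NAT issue the answer refers to shows up as the controller logging a translated, cluster-internal address instead of the client's; the log layout, sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: an address in one of these cannot be an internet client.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed layout: the line starts with the source address the controller saw,
# and the status code follows the quoted request line.
LINE_RE = re.compile(r'^(?P<addr>\S+) .*?"[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (not taken from a real cluster).
NAT_LOG = [
    '10.240.0.4 - - [17/May/2019:10:00:01 +0000] "GET /xx HTTP/1.1" 200 612 "-" "curl"',
    '10.240.0.5 - - [17/May/2019:10:00:02 +0000] "GET /xx-xx HTTP/1.1" 200 87 "-" "curl"',
]
DIRECT_LOG = [
    '203.0.113.7 - - [17/May/2019:10:05:01 +0000] "GET /xx HTTP/1.1" 200 612 "-" "curl"',
    '198.51.100.9 - - [17/May/2019:10:05:02 +0000] "GET /xx HTTP/1.1" 403 153 "-" "curl"',
]

def parse_ranges(annotation):
    """Split a whitelist-source-range value into ip_network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in annotation.split(",") if p.strip()]

def audit(log_lines, annotation):
    """Compare logged source addresses and statuses with the whitelist."""
    allowed = parse_ranges(annotation)
    seen, internal, mismatches = set(), set(), []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # first field is not an IP address
        seen.add(addr)
        if any(addr in net for net in RFC1918):
            internal.add(addr)
        listed = any(addr in net for net in allowed)
        if listed == (m["status"] == "403"):  # listed but denied, or unlisted but served
            mismatches.append((str(addr), int(m["status"])))
    return {"source_nat_suspected": bool(seen) and seen == internal,
            "internal_sources": sorted(map(str, internal)),
            "mismatches": mismatches}
```

Treat `mismatches` as a hint rather than proof, since a 403 can also come from the backend application.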