K
Q

K8S service load balancer annotation for sg source ips

9/26/2019

I have k8s cluster deployed over aws. I created load balancer service with annotation of : service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" now, I saw that k8s created new elb attached to a sg with outbound role 443 opened to 0.0.0.0/0. I tried to take a look and see if there's additional annotation that manage source ip's (pre defined ip's instead the 0.0.0.0) and couldn't find. Do you know if there's kind of option to manage this as part of annotations ?

-- Roee Rakovsky
amazon-elb
amazon-web-services
kops
kubernetes

Similar Questions

Env vars lost when building docker image from Gitlab CI
How to import existing git project into Jenkins X that has multiple micro services?
how to resolve Cannot GET / in a kubernetes deployment?
CI/CD pipeline with net core, containers and jenkins
Kubectl run with replicas

1 Answer

9/26/2019

Make use of loadBalancerSourceRanges in loadbalancer service resource as described here.

apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8

Update:

In case of nginx-ingress you can use nginx.ingress.kubernetes.io/whitelist-source-range annotation.

For more info check this.

-- mchawre
Source: StackOverflow