I have a k8s cluster deployed on AWS. I created a LoadBalancer service with the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443". Now I see that k8s created a new ELB attached to an SG with an outbound rule for 443 open to 0.0.0.0/0. I looked for an additional annotation that manages source IPs (predefined IPs instead of 0.0.0.0) and couldn't find one. Do you know if there is an option to manage this as part of the annotations?
Make use of loadBalancerSourceRanges in the LoadBalancer service resource, as described here.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
    - port: 8765
      targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  # Only these CIDRs are allowed to reach the load balancer
  loadBalancerSourceRanges:
    - 10.0.0.0/8
```
Update:
In case of nginx-ingress, you can use the nginx.ingress.kubernetes.io/whitelist-source-range annotation.
For more info check this.
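To find Services that still lack the restriction from the answer above, the following added example (not part of the original answer) audits the JSON output of `kubectl get svc -A -o json`. The sample input is constructed; the function names are illustrative, and the annotation it also reads is the comma-separated annotation form of the same setting.

```python
import ipaddress
import json

# Annotation form of the same setting (comma-separated CIDRs), used when the spec field is empty.
ANNOTATION = "service.beta.kubernetes.io/load-balancer-source-ranges"

# Constructed sample in the shape of `kubectl get svc -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "myapp"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8"]}},
    {"metadata": {"namespace": "prod", "name": "open-svc"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "dev", "name": "wide",
                  "annotations": {ANNOTATION: "0.0.0.0/0, 10.1.0.0/16"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "dev", "name": "internal"},
     "spec": {"type": "ClusterIP"}},
]})


def source_ranges(svc):
    """Return the CIDRs restricting a Service, or [] if none are set."""
    ranges = svc.get("spec", {}).get("loadBalancerSourceRanges") or []
    if not ranges:
        annotations = svc.get("metadata", {}).get("annotations") or {}
        ranges = [r.strip() for r in annotations.get(ANNOTATION, "").split(",") if r.strip()]
    return ranges


def audit(service_list_json):
    """Return (namespace/name, problem) for each LoadBalancer Service open to any source."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort Services do not create an ELB
        meta = svc.get("metadata", {})
        ident = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        ranges = source_ranges(svc)
        if not ranges:
            findings.append((ident, "no source ranges: open to 0.0.0.0/0"))
        for cidr in ranges:
            try:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((ident, f"{cidr} allows every address"))
            except ValueError:
                findings.append((ident, f"invalid CIDR {cidr!r}"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```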