K8S service load balancer annotation for sg source ips

9/26/2019

I have a k8s cluster deployed on AWS. I created a load balancer service with the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443". Now, I saw that k8s created a new ELB attached to an SG with outbound rule 443 opened to 0.0.0.0/0. I tried to take a look and see if there's an additional annotation that manages source IPs (predefined IPs instead of 0.0.0.0) and couldn't find one. Do you know if there's an option to manage this as part of annotations?

-- Roee Rakovsky
amazon-elb
amazon-web-services
kops
kubernetes

1 Answer

9/26/2019

Make use of loadBalancerSourceRanges in the LoadBalancer service resource, as described here.

apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8

Update:

In the case of nginx-ingress, you can use the nginx.ingress.kubernetes.io/whitelist-source-range annotation.

For more info check this.

-- mchawre
Source: StackOverflow
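
Added example (not part of the original question or answer): a small audit that reads Service objects in the JSON shape produced by kubectl get svc -A -o json and reports LoadBalancer Services whose loadBalancerSourceRanges is missing, invalid, or open to any source. The sample data and the Service names other than myapp are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get svc -A -o json`.
# Only "myapp" mirrors the answer's manifest; the other entries are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "myapp"},
   "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8"]}},
  {"metadata": {"namespace": "web", "name": "public-api"},
   "spec": {"type": "LoadBalancer"}},
  {"metadata": {"namespace": "web", "name": "legacy"},
   "spec": {"type": "LoadBalancer",
            "loadBalancerSourceRanges": ["0.0.0.0/0", "192.0.2.0/24"]}},
  {"metadata": {"namespace": "web", "name": "typo"},
   "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/33"]}},
  {"metadata": {"namespace": "web", "name": "internal"},
   "spec": {"type": "ClusterIP"}}
]}
""")


def audit_services(service_list):
    """Return (namespace/name, reason) for LoadBalancer Services not source-restricted."""
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services get a cloud LB and security group
        meta = svc.get("metadata", {})
        name = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges:
            # With the field unset, Kubernetes allows traffic from 0.0.0.0/0.
            findings.append((name, "no loadBalancerSourceRanges set"))
            continue
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((name, f"invalid CIDR {cidr!r}"))
                continue
            if net.prefixlen == 0:  # matches 0.0.0.0/0 and ::/0
                findings.append((name, f"{cidr} allows any source"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_services(SAMPLE):
        print(f"{name}: {reason}")
```

To run it against a live cluster, replace SAMPLE with the parsed output of kubectl get svc -A -o json.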