I am running a container exposed to the internet and secured using client certificates. To be able to accept incoming calls without credentials, I want to run a second container that accepts calls from one static IP and forwards the request to the first container. How do I set up IP filtering for the second container? Can I run both containers in one pod, or do I need two separate pods?
Yes, LoadBalancer supports IP filtering and you can use selectors to target specific pods, but I don't think you can target specific containers, so you will need to run two pods. The LoadBalancer configuration will look something like this:
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 130.211.204.1/32
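
Because the filter is attached to a Service and Services pick pods by label, the IP restriction only holds if no unrestricted Service also selects the forwarding pod. The following check is an added example, not part of the answer above; the pod names, the `role` label and the `public` Service are assumptions, and the manifests are constructed inline as Python dicts.

```python
import ipaddress

# Constructed sample data; pod names, the "role" label and the "public" Service are assumptions.
PODS = {
    "mtls-api":  {"app": "example", "role": "api"},
    "forwarder": {"app": "example", "role": "forwarder"},
}

def service(name, selector, source_ranges=None):
    spec = {"type": "LoadBalancer", "selector": selector}
    if source_ranges:
        spec["loadBalancerSourceRanges"] = source_ranges
    return {"metadata": {"name": name}, "spec": spec}

# The IP-filtered Service from the answer, narrowed to the forwarder pod only.
FILTERED = service("myapp", {"app": "example", "role": "forwarder"}, ["130.211.204.1/32"])
# Public Service whose selector is too broad: it also matches the forwarder pod.
BROAD = [service("public", {"app": "example"}), FILTERED]
# Public Service pinned to the client-certificate pod.
NARROW = [service("public", {"app": "example", "role": "api"}), FILTERED]

def selects(selector, labels):
    """A selector matches a pod when every key/value pair appears in the pod's labels."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def allowed(svc, source_ip):
    """No loadBalancerSourceRanges means any source address is accepted."""
    ranges = svc["spec"].get("loadBalancerSourceRanges") or ["0.0.0.0/0", "::/0"]
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(r, strict=False) for r in ranges)

def reachable_pods(services, pods, source_ip):
    """Map pod name -> LoadBalancer Services through which source_ip can reach it."""
    result = {}
    for svc in services:
        if svc["spec"].get("type") != "LoadBalancer" or not allowed(svc, source_ip):
            continue
        for name, labels in pods.items():
            if selects(svc["spec"]["selector"], labels):
                result.setdefault(name, []).append(svc["metadata"]["name"])
    return result

if __name__ == "__main__":
    for label, services in (("broad", BROAD), ("narrow", NARROW)):
        for ip in ("130.211.204.1", "203.0.113.7"):  # allowed address, arbitrary address
            print(label, ip, reachable_pods(services, PODS, ip))
```

With the broad selector, an arbitrary source address reaches the forwarder through the unfiltered Service; with distinct labels per pod it can only reach the client-certificate pod.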