Expose K8s POD to single/range of External IPs

2/24/2020

We would like to expose our pod to an external IP. If we use an AWS LB, it will be available to the public. Are there any alternative solutions?

Here is what I did so far:

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "testing"
  },
  "spec": {
    "ports": [{
      "port": 80,
      "targetPort": 8080
    }],
    "selector": {
      "app": "testing"
    },
    "type": "LoadBalancer"
  }
}

We would like to expose it to only a single IP or a range of external IPs.

-- Syed Turab Ali Naqvi
amazon-web-services
docker
kubernetes
networking

2 Answers

2/24/2020

You can use the Ingress abstraction of Kubernetes and use the NGINX ingress controller as an implementation of that. NGINX provides whitelisting of a source IP range.

The AWS ALB ingress controller has an annotation, alb.ingress.kubernetes.io/inbound-cidrs, which provides the same feature.

-- Arghya Sadhu
Source: StackOverflow

2/25/2020

You can use the .spec.loadBalancerSourceRanges key, as documented in the docs:

This field takes a list of IP CIDR ranges, which Kubernetes will use to configure firewall exceptions. This feature is currently supported on Google Compute Engine, Google Kubernetes Engine, AWS Elastic Kubernetes Service, Azure Kubernetes Service, and IBM Cloud Kubernetes Service.

-- prometherion
Source: StackOverflow
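
Added example, not part of either answer: the question's Service with .spec.loadBalancerSourceRanges set, plus a small check that flags LoadBalancer Services left open to any source. The CIDRs are constructed documentation ranges and audit_service is a hypothetical helper name.

```python
import ipaddress
import json

# The question's Service, unchanged: no source restriction, so the cloud load
# balancer accepts traffic from any address.
OPEN_SERVICE = json.loads("""
{"kind": "Service", "apiVersion": "v1", "metadata": {"name": "testing"},
 "spec": {"ports": [{"port": 80, "targetPort": 8080}],
          "selector": {"app": "testing"}, "type": "LoadBalancer"}}
""")

# Same Service with .spec.loadBalancerSourceRanges set.
# The CIDRs are constructed documentation ranges (RFC 5737), not real clients.
RESTRICTED_SERVICE = json.loads(json.dumps(OPEN_SERVICE))
RESTRICTED_SERVICE["spec"]["loadBalancerSourceRanges"] = [
    "203.0.113.10/32",   # a single external IP
    "198.51.100.0/24",   # a range of external IPs
]


def audit_service(svc):
    """Return a list of findings for one Service manifest (empty list = OK)."""
    spec = svc.get("spec", {})
    if svc.get("kind") != "Service" or spec.get("type") != "LoadBalancer":
        return []  # the field only applies to LoadBalancer Services
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        return ["no loadBalancerSourceRanges: reachable from any source IP"]
    findings = []
    for cidr in ranges:
        try:
            if "/" not in cidr:
                raise ValueError("missing /prefix")
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError as exc:
            findings.append(f"{cidr}: not a valid CIDR ({exc})")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 restricts nothing
            findings.append(f"{cidr}: matches every address")
    return findings


if __name__ == "__main__":
    for svc in (OPEN_SERVICE, RESTRICTED_SERVICE):
        print(svc["metadata"]["name"], audit_service(svc) or "restricted")
    print(json.dumps(RESTRICTED_SERVICE, indent=2))
```

Run directly, it prints the restricted manifest as JSON, which can be applied in place of the original.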