nginx ingress controller on Google Kubernetes Engine firewall rules

4/3/2020

I have installed the nginx ingress controller on GKE from https://github.com/kubernetes/ingress-nginx via helm chart

It does create the controller and also a firewall rule. The rule is open for all public IPs. Is there a way to restrict this via the helm chart?

If not, any way to get the auto generated firewall rule via terraform and adjust? The name of the firewall rule looks like this: k8s-fw-a8301409696934895b9facd9232892dc

Thanks

-- FreshMike
google-cloud-networking
google-kubernetes-engine
kubernetes
nginx-ingress
terraform-provider-gcp

1 Answer

4/4/2020

nginx ingress creates a loadBalancer service to expose it on GKE. You can define the spec.loadBalancerSourceRanges field in the service definition with the IPs you would like to allow access; all other IPs will be filtered. The default value for this field is 0.0.0.0 and the GCE firewall rules are created based on this field.

Note that you can also leverage the Nginx ingress controller to limit which IPs can connect; however, this still allows all traffic to reach the node.

-- Patrick W
Source: StackOverflow
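
The two options from the answer written out as configuration; this is an added example, not part of the original answer or of the ingress-nginx project. The CIDRs are constructed documentation ranges, and the file name, Helm repo alias, host and resource names are assumptions.

```yaml
# values-restricted.yaml (hypothetical file name) for the ingress-nginx chart.
# Applied with, assuming the repo alias "ingress-nginx":
#   helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx -f values-restricted.yaml
controller:
  service:
    type: LoadBalancer
    # Rendered into spec.loadBalancerSourceRanges of the controller Service.
    # GKE derives the k8s-fw-... firewall rule from this list, so sources
    # outside these ranges are filtered before they reach a node.
    # Constructed sample CIDRs; replace with the ranges you want to allow.
    loadBalancerSourceRanges:
      - 203.0.113.0/24
      - 198.51.100.7/32
---
# Separate manifest: the per-Ingress alternative mentioned in the answer.
# nginx rejects clients outside the list, but the firewall rule is unchanged,
# so the traffic still reaches the node before it is refused.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app                 # hypothetical
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24,198.51.100.7/32"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com         # hypothetical
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app   # hypothetical
                port:
                  number: 80
```

After the upgrade, `kubectl get svc <controller-service> -o jsonpath='{.spec.loadBalancerSourceRanges}'` should print the configured ranges, and `gcloud compute firewall-rules describe <rule-name>` should list the same ranges under `sourceRanges`.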