K
Q

nginx ingress controller on Google Kubernetes Engine firewall rules

4/3/2020

I have installed the nginx ingress controller on GKE from https://github.com/kubernetes/ingress-nginx via helm chart

it does create the controller and also an firewall rule. The rule is open for all public ips. Is there a way to restrict this via the helm chart ?

if not any way go get the auto generated firewall rule via terraform and adjust ? the name of the firewall rule looks like this: k8s-fw-a8301409696934895b9facd9232892dc

Thanks

-- FreshMike
google-cloud-networking
google-kubernetes-engine
kubernetes
nginx-ingress
terraform-provider-gcp

Similar Questions

Recover deleted namespace Kubernetes
Redis Pods are not able to join Redis cluster
How to add encryption-provider-config option to kube-apiserver?
kubectl apply -f works on PC but not in Gitlab Runner
Run a script after starting tomcat at k8s pod startup

1 Answer

4/4/2020

nginx ingress creates a loadBalancer service to expose it on GKE. You can define the spec.loadBalancerSourceRanges field in the service definition with the IPs you would like to allow access, all other IPs will be filtered. The default value for this field is 0.0.0.0 and the GCE firewall rules are created based on this field.

Note that you can also leverage the Nginx ingress controller to limit which IPs can connect, however, this still allows alls traffic to reach the node.

-- Patrick W
Source: StackOverflow