Is there a way to protect endpoints from public access and/or allow only a list of IPs to access them, like on nginx-ingress-controller (NLB) with the snippet-server annotation?
Thanks
Nginx-ingress has the annotation whitelist-source-range.
You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation. The value is a comma-separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.
For access control in LoadBalancer you could use the following annotation:
alb.ingress.kubernetes.io/inbound-cidrs
specifies the CIDRs that are allowed to access the LoadBalancer.
Example:
alb.ingress.kubernetes.io/inbound-cidrs: 10.0.0.0/24
This annotation will be ignored if alb.ingress.kubernetes.io/security-groups is specified.
Also alb.ingress.kubernetes.io/security-groups, which specifies the securityGroups you want to attach to the LoadBalancer.
When this annotation is not present, the controller will automatically create 2 security groups: the first security group will be attached to the LoadBalancer and allow access from inbound-cidrs to the listen-ports. The second security group will be attached to the EC2 instance(s) and allow all TCP traffic from the first security group created for the LoadBalancer.
Example:
alb.ingress.kubernetes.io/security-groups: sg-xxxx, nameOfSg1, nameOfSg2
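An added worked example (mine, not part of the question or the answer above): it validates the comma-separated CIDR list format that both whitelist-source-range and inbound-cidrs take, models the allow/deny decision the allow-list produces for a given client address, and emits Ingress manifests carrying each annotation. Everything else is assumed: the object name, host, backend service and port are constructed placeholders, the ingress class names "nginx" and "alb" are assumed to exist in the cluster, and the sample CIDR list is the one from the answer. The decision model assumes the controller sees the real client address; whether the load balancer in front preserves source IPs is a separate configuration concern, and an allow-list evaluated against the load balancer's own address would be meaningless.

```python
import ipaddress
import json

# Constructed sample value, mirroring the format shown in the answer:
# a comma-separated list of CIDRs; a bare address means a single host.
SAMPLE_SOURCE_RANGES = "10.0.0.0/24,172.10.0.1"


def parse_source_ranges(value):
    """Parse the comma-separated CIDR list used by
    nginx.ingress.kubernetes.io/whitelist-source-range and
    alb.ingress.kubernetes.io/inbound-cidrs.

    A bare address such as 172.10.0.1 is read as a single-host network
    (/32 for IPv4, /128 for IPv6). Any malformed or empty entry raises
    ValueError, so a typo cannot silently widen or disable the allow-list.
    """
    ranges = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in source-range list: %r" % value)
        # strict=False tolerates host bits set inside a prefix (e.g. 10.0.0.5/24).
        ranges.append(ipaddress.ip_network(entry, strict=False))
    return ranges


def is_allowed(client_ip, ranges):
    """Model of the allow-list decision: the client is accepted only if its
    address falls inside at least one configured range; everything else is
    denied. This mirrors allow-listed-ranges-then-deny-all semantics and
    assumes the controller observes the real client address.
    """
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ranges)


def build_ingress(name, host, service, port, ingress_class, annotations):
    """Return a networking.k8s.io/v1 Ingress manifest as a dict. Every CIDR
    list among the annotations is validated before the manifest is produced."""
    for key, value in annotations.items():
        if key.endswith(("whitelist-source-range", "inbound-cidrs")):
            parse_source_ranges(value)
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "Ingress",
        "metadata": {"name": name, "annotations": dict(annotations)},
        "spec": {
            "ingressClassName": ingress_class,
            "rules": [{
                "host": host,
                "http": {"paths": [{
                    "path": "/",
                    "pathType": "Prefix",
                    "backend": {"service": {"name": service,
                                            "port": {"number": port}}},
                }]},
            }],
        },
    }


def nginx_restricted_ingress(source_ranges=SAMPLE_SOURCE_RANGES):
    """Ingress for the nginx controller, restricted with whitelist-source-range.
    Name, host, service and port are constructed placeholders."""
    return build_ingress(
        "internal-api", "api.example.test", "api", 8080, "nginx",
        {"nginx.ingress.kubernetes.io/whitelist-source-range": source_ranges})


def alb_restricted_ingress(inbound_cidrs="10.0.0.0/24"):
    """Ingress for the AWS Load Balancer controller, restricted with inbound-cidrs.
    An IngressClass named 'alb' is assumed to exist in the cluster."""
    return build_ingress(
        "internal-api", "api.example.test", "api", 8080, "alb",
        {"alb.ingress.kubernetes.io/inbound-cidrs": inbound_cidrs})


if __name__ == "__main__":
    ranges = parse_source_ranges(SAMPLE_SOURCE_RANGES)
    for ip in ("10.0.0.77", "172.10.0.1", "172.10.0.2", "203.0.113.5"):
        print(ip, "allowed" if is_allowed(ip, ranges) else "denied")
    # kubectl accepts JSON manifests, so this output can be applied directly.
    print(json.dumps(nginx_restricted_ingress(), indent=2))
```

Run it directly to see the decisions for the four sample clients (only 10.0.0.77 and 172.10.0.1 are allowed) and the nginx manifest as JSON; validating the CIDR list before applying the manifest is the point, since a malformed entry rejected at the controller can otherwise leave you unsure what policy, if any, is in force.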