1

I have number of IPs and I want only to allow those IP into my ingress

I know I can do this with in my ingress annotations,

nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16

But what I want is that I have multiple IPS and not only 10.0.0.0/16 So If for example I have IPs like 178.1.0.2/17,10.0.0.0/16,178.2.0.3/18 and I only want to allow this IPs to my ingress then how can I acheive that.

xoxocoder
  • 294
  • 3
  • 15

1 Answers1

4

If you are using Nginx Ingress you can do it adding specific annotation whitelist-source-range.

nginx.ingress.kubernetes.io/whitelist-source-range

You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation. The value is a comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.

To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.

Also keep in mind that:

Adding an annotation to an Ingress rule overrides any global restriction.

Also if you would like to use Ingress Whitelist IP for Path you can check this thread.

Example:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: frontend
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16,178.2.0.3/18,178.1.0.2/17
spec:
  rules:
    - host: something.something.com
      http:
        paths:
          - path: /app1
            backend:
              serviceName: app1
              servicePort: 80
          - path: /api
            backend:
              serviceName: api
              servicePort: 8000

ingress.extensions/frontend created
PjoterS
  • 12,841
  • 1
  • 22
  • 54
  • 1
    what if i am not using nginx – xoxocoder Aug 27 '20 at 10:27
  • Please specify why ingress you want to use. Default Kubernetes, default cloud ingress, traefik, etc? For example traefik is using [IPWhitelist](https://docs.traefik.io/middlewares/ipwhitelist/). – PjoterS Aug 27 '20 at 10:53