I use Google Container Engine with Kubernetes. I have created an https load balancer which terminates ssl and forwards traffic to k8s cluster nodes. The problem is I see no option to whitelist/filter incoming ip addresses. Is there any?
相关问题
- Microk8s, MetalLB, ingress-nginx - How to route ex
- How do I change the storage class of existing pers
- Use awslogs with kubernetes 'natively'
- Kubernetes coredns readiness probe failed
- Default certificate on Nginx-ingress
相关文章
- k8s 访问Pod 时好时坏
- Override env values defined in container spec
- How do I create a persistent volume claim with Rea
- cannot find module /srv/server.js - gcloud app eng
- How to obtain the enable admission controller list
- Difference between API versions v2beta1 and v2beta
- MountVolume.SetUp failed for volume “nfs” : mount
- How to save content of a configmap to a file with
It sounds like you've set up a load balancer outside of Kubernetes. You may want to consider using a Kubernetes
Service
set totype: LoadBalancer
. That type of service will give you an external IP that load balances to all of yourPods
and can be easily restricted to whitelist IPs using theloadBalancerSourceRanges
setting. Here is the example from the docs at https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/If you're using gce controller is not yet possible[1], just nginx controller[2] accept whitelist ip.
[1] https://github.com/kubernetes/ingress/issues/566
[2] https://github.com/kubernetes/ingress/blob/188c64aaac17ef29400e0f143b9aed7770e32fee/controllers/nginx/configuration.md#whitelist-source-range