Ingress ip whitelisting on load balancer - aws k8s
I am trying to use the Security group to allow https traffic only from a particular IP. I have created the Ingress Service and resource. (ref: NGINX Controller)
I tried configuring below on Ingress Service.
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {cert}
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
    service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: {SG Allowing ingress from IP}
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http
I tried below on resource as well.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: {SG Allowing ingress from IP}
    ingress.kubernetes.io/whitelist-source-range: "IP"
spec:
  rules:
    - host: test.com
      http:
        paths:
          - backend:
              serviceName: backend
              servicePort: 8080
            path: /
What am I missing?
I see an auto-generated SG on the load balancer which allows all inbound traffic. But I'm not sure if it's created by the service or the resource, and if it's OK to edit that directly.
Update: Autogenerated SG
I added another SG which limits IP for ingress, but it doesn't get applied.
In your service definition of ingress, add the following section:
spec:
  loadBalancerSourceRanges: # add this section
    - 127.0.0.1/32
    - 28.50.20.12/31
  type: LoadBalancer
The default behavior is that when you don't specify loadBalancerSourceRanges, it defaults to 0/0.
Hope this helps.
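An audit for the default described in the answer above, as an added example that is not part of the original posts: it flags every LoadBalancer Service whose `loadBalancerSourceRanges` is missing, and goes slightly further by also flagging an explicit /0 entry or a CIDR with host bits set. The function names are hypothetical and `SAMPLE` is constructed data shaped like `kubectl get svc -A -o json` output.

```python
import ipaddress
import json

# Constructed sample, shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx"},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "ingress-nginx", "name": "restricted"},
  "spec": {"type": "LoadBalancer",
           "loadBalancerSourceRanges": ["203.0.113.10/32", "198.51.100.0/24"]}},
 {"metadata": {"namespace": "default", "name": "typo"},
  "spec": {"type": "LoadBalancer",
           "loadBalancerSourceRanges": ["203.0.113.10/24", "0.0.0.0/0"]}},
 {"metadata": {"namespace": "default", "name": "backend"}, "spec": {"type": "ClusterIP"}}
]}""")


def audit_service(svc):
    """Return a list of findings for one Service object (empty list = OK)."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # only LoadBalancer Services get a cloud load balancer
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        return ["no loadBalancerSourceRanges: defaults to 0.0.0.0/0"]
    findings = []
    for cidr in ranges:
        try:
            # strict=True rejects entries such as 203.0.113.10/24 (host bits set)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{cidr}: not a canonical network ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"{cidr}: allows every source address")
    return findings


def audit(service_list):
    """Map 'namespace/name' -> findings for every Service with a problem."""
    report = {}
    for svc in service_list.get("items", []):
        meta = svc["metadata"]
        findings = audit_service(svc)
        if findings:
            report[f"{meta['namespace']}/{meta['name']}"] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `kubectl get svc -A -o json`.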