We would like to expose our pod to an external IP. If we would use an AWS LB then it will be available to the public. Are there any alternative solutions?
Here is what I did so far:
{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "testing"
  },
  "spec": {
    "ports": [{
      "port": 80,
      "targetPort": 8080
    }],
    "selector": {
      "app": "testing"
    },
    "type": "LoadBalancer"
  }
}
We would like to expose it to only a single IP or a range of external IPs.
You can use the .spec.loadBalancerSourceRanges key, as documented in the docs:
This field takes a list of IP CIDR ranges, which Kubernetes will use to configure firewall exceptions. This feature is currently supported on Google Compute Engine, Google Kubernetes Engine, AWS Elastic Kubernetes Service, Azure Kubernetes Service, and IBM Cloud Kubernetes Service
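The Service from the question with that field set, as an added example that is not part of the original posts. It is written as YAML rather than JSON so that comments can mark the assumed values; the two CIDRs are constructed placeholders from the RFC 5737 documentation ranges.

```yaml
# Added example: the Service from the question with a source-range allowlist.
# The CIDRs below are constructed placeholders (RFC 5737 documentation
# ranges); replace them with the client addresses you want to admit.
apiVersion: v1
kind: Service
metadata:
  name: testing
spec:
  type: LoadBalancer
  selector:
    app: testing
  ports:
    - port: 80
      targetPort: 8080
  # Only these ranges may reach the load balancer. Leaving the field out
  # leaves the load balancer open to any source address.
  loadBalancerSourceRanges:
    - 203.0.113.0/24    # a range of external IPs (placeholder)
    - 198.51.100.7/32   # a single external IP (placeholder)
```

After applying it, `kubectl get service testing -o jsonpath='{.spec.loadBalancerSourceRanges}'` shows the ranges the API server stored.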
You can use the Ingress abstraction of Kubernetes and use the nginx ingress controller as an implementation of that. Nginx provides whitelisting of source IP ranges.
The AWS ALB ingress controller has an annotation, alb.ingress.kubernetes.io/inbound-cidrs, which does provide the same feature.