
Expose K8s POD to single/range of External IPs

We would like to expose our POD to an external IP. If we use an AWS LB, then it will be available to the public. Are there any alternative solutions?

Here is what I did so far:

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "testing"
  },
  "spec": {
    "ports": [{
      "port": 80,
      "targetPort": 8080
    }],
    "selector": {
      "app": "testing"
    },
    "type": "LoadBalancer"
  }
}

We would like to expose it to only a single IP or a range of external IPs.

You can use the .spec.loadBalancerSourceRanges key, as documented in the docs:

This field takes a list of IP CIDR ranges, which Kubernetes will use to configure firewall exceptions. This feature is currently supported on Google Compute Engine, Google Kubernetes Engine, AWS Elastic Kubernetes Service, Azure Kubernetes Service, and IBM Cloud Kubernetes Service.
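Applied to the Service from the question, the restriction looks like the manifest below. This is an added example, not part of the original answer; the two CIDR values are constructed placeholders taken from the documentation address ranges and must be replaced with the real client addresses.

```yaml
# Added example: the "testing" Service from the question, written as YAML,
# with source-IP restriction on the cloud load balancer.
apiVersion: v1
kind: Service
metadata:
  name: testing
spec:
  type: LoadBalancer
  selector:
    app: testing
  ports:
    - port: 80
      targetPort: 8080
  # Only these source ranges are allowed through the load balancer's firewall.
  # Values are constructed placeholders (assumption), not from the question.
  loadBalancerSourceRanges:
    - 203.0.113.10/32    # a single external IP is written as a /32
    - 198.51.100.0/24    # a range of external IPs
```

After applying it, `kubectl get service testing -o jsonpath='{.spec.loadBalancerSourceRanges}'` shows the ranges the API server stored, and a request from an address outside them should fail to connect.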

You can use the Ingress abstraction of Kubernetes and use the nginx ingress controller as an implementation of that. Nginx provides whitelisting of source IP ranges.

The AWS ALB ingress controller has an annotation, alb.ingress.kubernetes.io/inbound-cidrs, which provides the same feature.
