Whitelisting
To restrict the service in a way that only a list of IPs can access it, modify the ingress_rules.yaml to add the whitelist-source-range annotation:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-rules namespace: default annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.65.3/32' nginx.ingress.kubernetes.io/rewrite-target: / spec: tls: - hosts: - localhost secretName: tls-secret rules: - host: localhost http: paths: - path: / backend: serviceName: dni-function servicePort: 80 and deploy:
kubectl apply -f ./ingress_rules.yaml Feel free to try different ranges and understand how you can block or enable access to your service.
实例配置:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/service-weight: ''
nginx.ingress.kubernetes.io/whitelist-source-range: 220.191.163.50
creationTimestamp: '2019-08-22T03:13:22Z'
generation: 1
name: dev-operation.weifeng.com
namespace: weifeng-test
resourceVersion: '15672384'
selfLink: >-
/apis/extensions/v1beta1/namespaces/xitu-test/ingresses/dev-operation.xitu.com
uid: cca4d52e-c48a-11e9-b6f0-00163e08f1b1
spec:
rules:
- host: dev-operation。weifeng.com
http:
paths:
- backend:
serviceName: dev-platform-nginx
servicePort: 80
path: /
status:
loadBalancer:
ingress:
- ip: 10******.38
设置白名单只允许 220.191.163.50 出网ip地址访问