If you are using ingress-nginx controller to route your web services, it is accessible from the whole internet. This is definitely not what you want. Among with other security protection, you might want to consider to set a white list for who can access your web services.
The solution is pretty simple. Just use the 'loadBalancerSourceRanges' to set these IPs for your white list.
Basically, your ingress controller service will be defined as something like this:
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
loadBalancerSourceRanges:
- x.x.x.x/32
To make it happen, add following to your values.yaml file (replace x.x.x.x with your white list IPs separated by comma) and apply such change to your ingress-nginx controller:
controller:
service:
loadBalancerSourceRanges: [x.x.x.x/32]
No comments:
Post a Comment