Whitelisting
To restrict the service in a way that only a list of IPs can access it, modify the ingress_rules.yaml to add the whitelist-source-range annotation:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-rules
namespace: default
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.65.3/32'
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- localhost
secretName: tls-secret
rules:
- host: localhost
http:
paths:
- path: /
backend:
serviceName: dni-function
servicePort: 80
and deploy:
kubectl apply -f ./ingress_rules.yaml
Feel free to try different ranges and understand how you can block or enable access to your service.
实例配置:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/service-weight: ''
nginx.ingress.kubernetes.io/whitelist-source-range: 220.191.163.50
creationTimestamp: '2019-08-22T03:13:22Z'
generation: 1
name: dev-operation.weifeng.com
namespace: weifeng-test
resourceVersion: '15672384'
selfLink: >-
/apis/extensions/v1beta1/namespaces/xitu-test/ingresses/dev-operation.xitu.com
uid: cca4d52e-c48a-11e9-b6f0-00163e08f1b1
spec:
rules:
- host: dev-operation。weifeng.com
http:
paths:
- backend:
serviceName: dev-platform-nginx
servicePort: 80
path: /
status:
loadBalancer:
ingress:
- ip: 10******.38
设置白名单只允许 220.191.163.50 出网ip地址访问