
How to allow multiple IPs only on ingress


I have a number of IPs and I want to allow only those IPs into my ingress.

I know I can do this within my ingress annotations:

nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16

But I have multiple IPs, not only 10.0.0.0/16. If, for example, I have IPs like 178.1.0.2/17,10.0.0.0/16,178.2.0.3/18 and I want to allow only these IPs to my ingress, how can I achieve that?


Solution

  • If you are using Nginx Ingress, you can do it by adding the specific annotation whitelist-source-range.

    nginx.ingress.kubernetes.io/whitelist-source-range

    You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation. The value is a comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.

    To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.

    Also keep in mind that:

    Adding an annotation to an Ingress rule overrides any global restriction.

    Also if you would like to use Ingress Whitelist IP for Path you can check this thread.

    Example:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: frontend
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16,178.2.0.3/18,178.1.0.2/17
    spec:
      rules:
        - host: something.something.com
          http:
            paths:
              - path: /app1
                backend:
                  serviceName: app1
                  servicePort: 80
              - path: /api
                backend:
                  serviceName: api
                  servicePort: 8000
    
    ingress.extensions/frontend created
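
An added example, not part of the original answer and not code from the ingress-nginx project: a pre-deployment check that parses a whitelist-source-range value as a comma-separated CIDR list, reports the effective range of entries such as 178.1.0.2/17 whose host bits are set, and tests sample client addresses against the result. The function names `parse_source_ranges` and `is_allowed` are hypothetical, and the client addresses are constructed.

```python
import ipaddress

def parse_source_ranges(value):
    """Parse a whitelist-source-range value into (networks, warnings)."""
    networks, warnings = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            warnings.append("empty entry (stray comma)")
            continue
        try:
            # strict=False masks host bits instead of rejecting the entry
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            warnings.append(f"{entry}: invalid ({exc})")
            continue
        if "/" in entry and str(net) != entry:
            warnings.append(f"{entry}: host bits set, effective range is {net}")
        if net.prefixlen == 0:
            warnings.append(f"{entry}: matches every address")
        networks.append(net)
    return networks, warnings

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any parsed range of the same IP version."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks if net.version == addr.version)

if __name__ == "__main__":
    # Annotation value from the Ingress manifest in the answer above
    value = "10.0.0.0/16,178.2.0.3/18,178.1.0.2/17"
    nets, warns = parse_source_ranges(value)
    for w in warns:
        print("warning:", w)
    # Constructed client addresses, chosen around the range boundaries
    for ip in ("10.0.255.7", "178.1.127.255", "178.1.128.1", "178.2.64.1"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```

The ranges are compared with the client address the controller sees, so behind a load balancer or proxy that does not preserve the source IP they are matched against the proxy's address.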