I have been developing a web app living in DO’s managed Kubernetes, and am researching the best way to blacklist Internet ingressed hosts that are an issue. For example, I flag a host as attempting bad authentication attempts too many times. In a VPS hosted environment I would typically do something like run a fail2ban service and let iptables block the hosts based on the fail2ban policies I enable.

In my Kubernetes environment, I have proxy protocol working well, so I can identify hosts that are an issue. What is the best way to actually block those hosts? Is this something I can leverage Cilium Network Policies for, or is there a way to interface with the host system’s iptables?

I am looking for a way I can dynamically (i.e. without a pod/svc restart) block or permit certain hosts at the network layer.

Any help is appreciated,
Thanks


Hi there,

You could certainly use networkPolicy objects to enforce rules like you described. Another option would be to use a single LB for an ingress controller and then police the traffic at that point. For example you can whitelist source range for the nginx ingress controller: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range
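As an added illustration of the two approaches the answer names (not code from the original post or from the DigitalOcean or ingress-nginx projects), here is a NetworkPolicy that drops ingress from specific source ranges via `ipBlock.except`, beside an Ingress carrying the `whitelist-source-range` annotation. The namespace, pod label, service name, hostname and the CIDRs (taken from the RFC 5737 documentation ranges) are constructed placeholders. Both objects can be re-applied with `kubectl apply` at any time; the CNI and the ingress controller pick up the change without restarting pods or services, which is the dynamic behaviour the question asks for.

```yaml
# Option 1: deny a set of source ranges at L3/L4 with a NetworkPolicy.
# Caveat: ipBlock matches the source address of the packet as the pod
# sees it. When the client IP only arrives inside a PROXY protocol header
# (as it does behind a cloud load balancer), the packet source is the LB,
# so this policy cannot act on the real client address; use option 2 then.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-block-bad-sources        # constructed name
  namespace: default                 # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: web                       # assumed pod label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0          # allow everyone ...
            except:
              - 203.0.113.0/24       # ... except these constructed ranges
              - 198.51.100.7/32
      ports:
        - protocol: TCP
          port: 8080                 # assumed container port
---
# Option 2: enforce an allow-list at L7 in ingress-nginx. Because the
# controller terminates PROXY protocol, this check uses the real client IP.
# Changing the annotation triggers a config reload, not a pod restart.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web                          # constructed name
  namespace: default
  annotations:
    # Only these source ranges may reach the routes below (constructed values).
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.0.2.0/24,198.51.100.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com          # assumed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web            # assumed Service name
                port:
                  number: 8080
```

To update the allow-list without touching the rest of the object, `kubectl annotate ingress web nginx.ingress.kubernetes.io/whitelist-source-range="192.0.2.0/24" --overwrite` is enough. The annotation expresses an allow-list only, so a fail2ban-style workflow that adds offenders over time fits the NetworkPolicy `except` list better, provided the real client IP is visible at L3 (for example when the load balancer preserves source addresses rather than wrapping them in PROXY protocol).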
