How to set up IP whitelist on DigitalOcean Kubernetes?
I’ve set up whitelist annotation on my ingress, on Kubernetes cluster, but in logs there are wrong IP-s, so it doesn’t work.
Here is ingress configuration:
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: test annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/whitelist-source-range: '10.0.0.0/8,X.X.X.X' spec: rules: - host: web.manitestdomain.com http: paths: - backend: serviceName: service servicePort: 80
And testing configuration:
$ curl ipinfo.io/ip X.X.X.X
$ curl -I web.manitestdomain.com HTTP/1.1 403 Forbidden Server: openresty/188.8.131.52 Date: Mon, 02 Mar 2020 12:45:24 GMT Content-Type: text/html Content-Length: 159 Connection: keep-alive Strict-Transport-Security: max-age=15724800; includeSubDomains
And logs from ingress-controller:
184.108.40.206 - - [02/Mar/2020:12:45:24 +0000] "HEAD / HTTP/1.1" 403 0 "-" "curl/7.65.3" 84 0.000 [service-80]  - - - -
So my IP was X.X.X.X and ingress controller received 220.127.116.11.
Why is it happening and how can I fix it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×