Question
How to set up IP whitelist on DigitalOcean Kubernetes?
I’ve set up whitelist annotation on my ingress, on Kubernetes cluster, but in logs there are wrong IP-s, so it doesn’t work.
Here is ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/whitelist-source-range: '10.0.0.0/8,X.X.X.X'
spec:
rules:
- host: web.manitestdomain.com
http:
paths:
- backend:
serviceName: service
servicePort: 80
And testing configuration:
$ curl ipinfo.io/ip
X.X.X.X
Then:
$ curl -I web.manitestdomain.com
HTTP/1.1 403 Forbidden
Server: openresty/1.15.8.2
Date: Mon, 02 Mar 2020 12:45:24 GMT
Content-Type: text/html
Content-Length: 159
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains
And logs from ingress-controller:
167.71.33.9 - - [02/Mar/2020:12:45:24 +0000] "HEAD / HTTP/1.1" 403 0 "-" "curl/7.65.3" 84 0.000 [service-80] [] - - - -
So my IP was X.X.X.X and ingress controller received 167.71.33.9.
Why is it happening and how can I fix it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×