Related

Product Managed Kubernetes on DigitalOcean Product
Let's Encrypt subdomain configuration best way Question Question
Server1 <-> server2 setup? Question Question

Question

limit ip access to the load balancer

Posted January 1, 2019 16.3k views
DebianFirewallLoad BalancingKubernetes

Hey everyone,
I have read a thread in the official Kubernetes
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
i wanted to know how do i implement what they explained but on digital ocean kubernetes.

Thank You in advance!

Add a comment
eitan126f8bb6a54aed01de216
By:
eitan126f8bb6a54aed01de216
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
12 answers
nick2be1e98dbb917a3959b2de November 2, 2019

not having loadBalancerSourceRanges is quite a concern for us. Please look at implementing this DigitalOcean!

Reply Report
btech December 30, 2019

loadBalancerSourceRanges is our big concern about using kubernetes on DO!!! Hope it would be on the feature list…

Reply Report
alton February 19, 2019

i tried loadBalancerSourceRanges: and it does not appear to be supported by DO.

I also tried DO Firewalls with no success. it is not clear how DO firewalls can limit load balancer traffic to our private IP addresses.

my objective for using the load balancer is to expose services to other kubernetes clusters (or other droplets) in the same region via static IP without exposing it publicly.

Reply Report
jackt April 7, 2019

I’m also posting to confirm that loadBalancerSourceRanges did not work for me in the k8s LoadBalancer config. Since all traffic to the pods are directed through the Kubernetes controllers, it also means that we can’t rely on the normal firewall product (as the source IP’s are of the Kubernetes internal services).

As far as I can tell, you cannot currently use the firewall product with Kubernetes.

Reply Report
2tunnels December 11, 2019

Same here. loadBalancerSourceRanges doesn’t work.

Reply Report
zakaria January 22, 2020

Same here, it would be nice to have this option, as there is no direct way to secure the Ingress controller without getting fancy with the nginx configuration.

Reply Report
TillmanZ January 29, 2020

Yes, please all the load balancers to be ingress limited.
On a side note I just tried to “+1” which the system dismissed as spam… ;)

Reply Report
Dunegan March 10, 2020

While admittedly this has always been a weakness of DO’s load balancing service, it is particularly dangerous with DOKS given the lack of control customers have over the security configuration and hardening standards of DOKS pool droplets.

Reply Report
cgdstnc April 1, 2020

It is extremely frustrating that i can not limit access my load balancer. Is there a future plan to support loadBalancerSourceRanges?

Reply Report
wadenick January 2, 2019

Hey friend, our load balancers are a managed service and team up nicely with our cloud firewalls, this is a route I’d suggest (and that we use for ourselves) and the firewalls will apply to the DOKS clusters–we’ll handle the LBs for you– you can find the firewall docs here: https://www.digitalocean.com/docs/networking/firewalls/

Reply Report
  • maxnasonov March 13, 2019

    Hello. Are there any practical instructions how to configure it? I’ve tried to setup firewall for nodes but it wasn’t really helpful because LB connect to a node via private network and the firewall rules are not being applied to the LB itself.

    Update: nevermind, other discussions state that it is not currently possible.

    Reply Report
  • matthewmarich July 17, 2020
    [deleted]
    Reply Report
mcandrey April 30, 2019

Looks like nor Firewall doesn’t work with k8s :(

Reply Report
cerwik May 16, 2019

Same here, how to limit the access to Ingress Ip which seem to be DO LoadBalncer product? this is quite critical feature

Reply Report
matthewmarich July 17, 2020
[deleted]
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help