Limit IP access to the load balancer

January 1, 2019 13.6k views
Kubernetes Load Balancing Firewall Debian

Hey everyone,
I have read a thread in the official Kubernetes
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
I wanted to know how I can implement what they explained, but on DigitalOcean Kubernetes.

Thank you in advance!

5 Answers

Hey friend, our load balancers are a managed service and team up nicely with our cloud firewalls. This is a route I'd suggest (and that we use for ourselves), and the firewalls will apply to the DOKS clusters (we'll handle the LBs for you). You can find the firewall docs here: https://www.digitalocean.com/docs/networking/firewalls/

  • Hello. Are there any practical instructions on how to configure it? I've tried to set up a firewall for the nodes, but it wasn't really helpful because the LB connects to a node via the private network and the firewall rules are not being applied to the LB itself.

    Update: never mind, other discussions state that it is not currently possible.

I tried loadBalancerSourceRanges: and it does not appear to be supported by DO.

I also tried DO Firewalls with no success. It is not clear how DO firewalls can limit load balancer traffic to our private IP addresses.

My objective for using the load balancer is to expose services to other Kubernetes clusters (or other droplets) in the same region via a static IP without exposing them publicly.

I'm also posting to confirm that loadBalancerSourceRanges did not work for me in the k8s LoadBalancer config. Since all traffic to the pods is directed through the Kubernetes controllers, it also means that we can't rely on the normal firewall product (as the source IPs are those of the Kubernetes internal services).

As far as I can tell, you cannot currently use the firewall product with Kubernetes.
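An added example, not part of the thread and not DigitalOcean's or Kubernetes' own code: a Python check over the JSON printed by kubectl get svc --all-namespaces -o json that reports which LoadBalancer Services declare loadBalancerSourceRanges and how broad those ranges are. The Service names and addresses are constructed, and, as the posts here report, a declared range does not show that the provider enforces it, so the check only establishes what the manifests ask for.

```python
import ipaddress
import json

# Constructed sample of `kubectl get svc --all-namespaces -o json` output (not from the thread).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "ingress-lb"},
   "spec": {"type": "LoadBalancer"}},
  {"metadata": {"namespace": "api", "name": "internal-api"},
   "spec": {"type": "LoadBalancer",
            "loadBalancerSourceRanges": ["10.132.0.0/16", "203.0.113.7/32"]}},
  {"metadata": {"namespace": "ops", "name": "metrics"},
   "spec": {"type": "LoadBalancer",
            "loadBalancerSourceRanges": ["0.0.0.0/0"]}},
  {"metadata": {"namespace": "ops", "name": "typo"},
   "spec": {"type": "LoadBalancer",
            "loadBalancerSourceRanges": ["10.0.0.1/33"]}},
  {"metadata": {"namespace": "db", "name": "postgres"},
   "spec": {"type": "ClusterIP"}}
]}
""")


def audit_services(svc_list):
    """Return {namespace/name: finding} for every Service of type LoadBalancer."""
    findings = {}
    for svc in svc_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # loadBalancerSourceRanges only applies to LoadBalancer Services
        key = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges:
            # An unset field is treated by Kubernetes as allowing every source.
            findings[key] = "no source ranges: open to any client"
            continue
        try:
            nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
        except ValueError as exc:
            findings[key] = f"invalid CIDR: {exc}"
            continue
        if any(n.prefixlen == 0 for n in nets):
            findings[key] = "range covers all addresses"
        else:
            findings[key] = "restricted to " + ", ".join(str(n) for n in nets)
    return findings


if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE).items():
        print(f"{name}: {finding}")
```

To run it against a live cluster, replace SAMPLE with json.load(sys.stdin) and pipe the kubectl output in.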

Looks like Firewall doesn't work with k8s either :(

Same here. How do we limit access to the Ingress IP, which seems to be the DO LoadBalancer product? This is quite a critical feature.
