Question

limit ip access to the load balancer

Hey everyone, I have read a thread in the official Kubernetes https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ i wanted to know how do i implement what they explained but on digital ocean kubernetes.

Thank You in advance!

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

loadBalancerSourceRanges is our big concern about using kubernetes on DO!!! Hope it would be on the feature list…

not having loadBalancerSourceRanges is quite a concern for us. Please look at implementing this DigitalOcean!

i tried loadBalancerSourceRanges: and it does not appear to be supported by DO.

I also tried DO Firewalls with no success. it is not clear how DO firewalls can limit load balancer traffic to our private IP addresses.

my objective for using the load balancer is to expose services to other kubernetes clusters (or other droplets) in the same region via static IP without exposing it publicly.

I’m also posting to confirm that loadBalancerSourceRanges did not work for me in the k8s LoadBalancer config. Since all traffic to the pods are directed through the Kubernetes controllers, it also means that we can’t rely on the normal firewall product (as the source IP’s are of the Kubernetes internal services).

As far as I can tell, you cannot currently use the firewall product with Kubernetes.

It’s been almost 2 years ago since the original post/request was made to have a basic ingress ACL for the DO Load Balancer product. Any ETA on when this will become an option?

Also requesting this functionality…

Almost December 2020. I am still waiting the loadBalancerSourceRanges feature.

This comment has been deleted

It is extremely frustrating that i can not limit access my load balancer. Is there a future plan to support loadBalancerSourceRanges?

While admittedly this has always been a weakness of DO’s load balancing service, it is particularly dangerous with DOKS given the lack of control customers have over the security configuration and hardening standards of DOKS pool droplets.