Whitelisted IP not working with Nginx-Ingress Load Balancer

I deployed an App that is running fine in my cluster. During the cluster creation I installed the Nginx-Ingress, created a k8s Ingress and configured the Forwarding Rules of the load balancer as HTTPS with a valid certificate. All this is working fine. My Ingress is as follows:

kind: Ingress
  name: my-ingress
  annotations: "true" "nginx" Local
  - host:
      - path: /api
        pathType: Prefix
            name: bkendapi
              number: 8005
      - path: /rec
        pathType: Prefix
            name: bkendrec
              number: 5005

All this is working fine.

Now I am trying to add a Whitelist, this is the first time I am doing it, to do so I added the following line under annotations.

Where the is an IP of a specific DO droplet that will connect to the cluster. But now everything get blocked, I can not access the cluster from the whitelisted IP or from anywhere else. I tried different IPs but failed.

Please, what am I doing wrong/missing?



I also tried the whitelisting with a Load Balancer loadBalancerSourceRanges: However I faced the same issue explained above, it blocks everything.

I bumped in a post ( complaining about the same issue. Therefore I believe DO has not implemented IP block/whitelist in their kubernetes.

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I contacted DO about this issue (end of November 2020). They told me what I am trying to do is not possible as they did not implemented whitelisting in their kubernetes. Their reply stated:

Whitelisting isn’t supported on our clusters. When nodes are recycled, their IP is commonly replaced and there is no option to save these IPs or realistically create white lists as these change. We typically recommend placing something like a Droplet in front of the cluster as a gateway that can be whitelisted.

Therefore I will switch back to the default LoadBalancer (without Nginx-Ingress) as the sole reason that I tried to use it was because of the whitelisting.