By Andre
I deployed an App that is running fine in my cluster. During the cluster creation I installed the Nginx-Ingress, created a k8s Ingress and configured the Forwarding Rules of the load balancer as HTTPS with a valid certificate. All this is working fine. My Ingress is as follows:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/externalTrafficPolicy: Local
spec:
  rules:
  - host: dev.mysite.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: bkendapi
            port:
              number: 8005
      - path: /rec
        pathType: Prefix
        backend:
          service:
            name: bkendrec
            port:
              number: 5005
```
All this is working fine.
Now I am trying to add a whitelist. This is the first time I am doing it. To do so, I added the following line under annotations:
```yaml
    nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
```
Where xxx.xxx.xxx.xxx is an IP of a specific DO droplet that will connect to the cluster. But now everything gets blocked; I cannot access the cluster from the whitelisted IP or from anywhere else. I tried different IPs but failed.
Please, what am I doing wrong/missing?
Thanks!
I contacted DO about this issue (end of November 2020). They told me what I am trying to do is not possible as they did not implement whitelisting in their Kubernetes. Their reply stated:

> Whitelisting isn’t supported on our clusters. When nodes are recycled, their IP is commonly replaced and there is no option to save these IPs or realistically create white lists as these change. We typically recommend placing something like a Droplet in front of the cluster as a gateway that can be whitelisted.

Therefore I will switch back to the default LoadBalancer (without Nginx-Ingress) as the sole reason that I tried to use it was because of the whitelisting.
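
An added example, not part of the original posts or of DigitalOcean's reply: ingress-nginx applies `whitelist-source-range` to the client address the controller itself sees, so a useful check when everything is blocked is to compare the addresses in the controller's access log with the allowlisted range. The log lines, the `203.0.113.10/32` range and the function names are constructed for illustration, and the parser assumes each log line starts with the client address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines shaped like an nginx access log: client address
# first, status code right after the quoted request line.
SAMPLE_LOG = """\
10.244.0.1 - - [30/Nov/2020:10:00:01 +0000] "GET /api/health HTTP/1.1" 403 153
10.244.0.1 - - [30/Nov/2020:10:00:05 +0000] "GET /rec/items HTTP/1.1" 403 153
10.244.1.1 - - [30/Nov/2020:10:00:09 +0000] "GET /api/users HTTP/1.1" 403 153
not an access log line
"""
ALLOWLIST = "203.0.113.10/32"  # constructed stand-in for xxx.xxx.xxx.xxx

LINE_RE = re.compile(r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3})\b')


def parse_allowlist(value):
    """Parse the comma-separated CIDR list given as the annotation value."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]


def audit(log_text, allowlist_value):
    """Per logged client address: request count, 403 count, allowlist match."""
    nets = parse_allowlist(allowlist_value)
    seen, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access log entries
        try:
            ip = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # first field was not an IP address
        seen[ip] += 1
        denied[ip] += m.group("status") == "403"
    return [{"addr": str(ip), "requests": seen[ip], "denied_403": denied[ip],
             "in_allowlist": any(ip in net for net in nets),
             "private": ip.is_private}
            for ip in sorted(seen, key=lambda a: (a.version, int(a)))]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, ALLOWLIST):
        print(row)
    # Only private addresses outside the allowlist in the log means the
    # controller never saw the original client IP, so every request is denied.
```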