Question

Whitelisted IP not working with Nginx-Ingress Load Balancer

I deployed an App that is running fine in my cluster. During the cluster creation I installed the Nginx-Ingress, created a k8s Ingress and configured the Forwarding Rules of the load balancer as HTTPS with a valid certificate. All this is working fine. My Ingress is as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/externalTrafficPolicy: Local
spec:
  rules:
  - host: dev.mysite.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: bkendapi
            port:
              number: 8005
      - path: /rec
        pathType: Prefix
        backend:
          service:
            name: bkendrec
            port:
              number: 5005

All this is working fine.

Now I am trying to add a whitelist. This is the first time I am doing it. To do so, I added the following line under annotations:

nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is the IP of a specific DO droplet that will connect to the cluster. But now everything gets blocked: I cannot access the cluster from the whitelisted IP or from anywhere else. I tried different IPs but failed.

Please, what am I doing wrong/missing?

Thanks!


I contacted DO about this issue (end of November 2020). They told me that what I am trying to do is not possible, as they did not implement whitelisting in their Kubernetes. Their reply stated:

Whitelisting isn’t supported on our clusters. When nodes are recycled, their IP is commonly replaced and there is no option to save these IPs or realistically create white lists as these change. We typically recommend placing something like a Droplet in front of the cluster as a gateway that can be whitelisted.

Therefore I will switch back to the default LoadBalancer (without Nginx-Ingress) as the sole reason that I tried to use it was because of the whitelisting.
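
A diagnostic for the "everything gets blocked" symptom described in the question, as an added example that is not part of the original posts: it checks which client address the ingress controller actually logged against the `whitelist-source-range` value. It assumes the access-log line starts with the client address, and that an RFC 1918 address there means the real source IP was rewritten before reaching nginx; the log lines and the 203.0.113.10 address are constructed.

```python
import ipaddress

# RFC 1918 ranges: an address here was rewritten inside the cluster/LB path.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample access-log lines (client address is the first field).
SAMPLE_LOG = [
    '10.244.0.1 - - [01/Dec/2020:10:00:01 +0000] "GET /api HTTP/1.1" 403 153',
    '10.244.0.1 - - [01/Dec/2020:10:00:05 +0000] "GET /rec HTTP/1.1" 403 153',
    '10.244.1.1 - - [01/Dec/2020:10:00:09 +0000] "GET /api HTTP/1.1" 403 153',
]

def parse_allowlist(value):
    """Parse a whitelist-source-range value: comma-separated IPs or CIDRs."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]

def is_allowed(remote_addr, allowlist):
    """True if the address the controller sees falls in any allowed range."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in allowlist)

def diagnose(log_lines, allowlist):
    """Per client address: request count, allowlist verdict, internal or not."""
    counts = {}
    for line in log_lines:
        remote = line.split()[0]
        counts[remote] = counts.get(remote, 0) + 1
    return [{"remote_addr": r, "requests": n,
             "allowed": is_allowed(r, allowlist),
             "internal": any(ipaddress.ip_address(r) in net for net in INTERNAL)}
            for r, n in sorted(counts.items())]

def source_ip_preserved(report):
    """False when every logged client address is internal (real IP was lost)."""
    return any(not row["internal"] for row in report)

if __name__ == "__main__":
    allow = parse_allowlist("203.0.113.10")  # constructed documentation address
    report = diagnose(SAMPLE_LOG, allow)
    for row in report:
        print(row)
    print("client source IP preserved:", source_ip_preserved(report))
```

If every logged address is internal, no public IP in the allowlist can ever match, which produces a 403 for the whitelisted client and for everyone else alike.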