ingress Whitelisting白名单机制

Whitelisting

---

To restrict the service in a way that only a list of IPs can access it, modify the ingress_rules.yaml to add the whitelist-source-range annotation:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-rules
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.65.3/32'
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - localhost
    secretName: tls-secret
  rules:
  - host: localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: dni-function
          servicePort: 80

and deploy:

kubectl apply -f ./ingress_rules.yaml

Feel free to try different ranges and understand how you can block or enable access to your service.

 

实例配置：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/service-weight: ''
    nginx.ingress.kubernetes.io/whitelist-source-range: 220.191.163.50
  creationTimestamp: '2019-08-22T03:13:22Z'
  generation: 1
  name: dev-operation.weifeng.com
  namespace: weifeng-test
  resourceVersion: '15672384'
  selfLink: >-
    /apis/extensions/v1beta1/namespaces/xitu-test/ingresses/dev-operation.xitu.com
  uid: cca4d52e-c48a-11e9-b6f0-00163e08f1b1
spec:
  rules:
    - host: dev-operation。weifeng.com
      http:
        paths:
          - backend:
              serviceName: dev-platform-nginx
              servicePort: 80
            path: /
status:
  loadBalancer:
    ingress:
      - ip: 10******.38

　　

设置白名单只允许 220.191.163.50 出网ip地址访问