Kubernetes ingress-nginx Azure loadbalancer - enabling whitelisting

ingress-nginx-local.json

# In order for the nginx-ingress controller to correctly process the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation
# it is necessary to set the `externalTrafficPolicy` to  `Local` from `Cluster`.  This allows the external IP to be visible to the 
# controller, rather than the internal addressing (resultng in 403's for all sources).

# template of a "patch" can be found in the main project: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/azure/service.yaml

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "austere-rattlesnake-nginx-ingress-controller",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/services/austere-rattlesnake-nginx-ingress-controller",
    "uid": "2d4773d5-2c42-11e8-b9b2-0a58ac1f041c",
    "resourceVersion": "131544",
    "creationTimestamp": "2018-03-20T13:25:37Z",
    "labels": {
      "app": "nginx-ingress",
      "chart": "nginx-ingress-0.11.1",
      "component": "controller",
      "heritage": "Tiller",
      "release": "austere-rattlesnake"
    }
  },
  "spec": {
    "ports": [
      {
        "name": "http",
        "protocol": "TCP",
        "port": 80,
        "targetPort": 80,
        "nodePort": 31092
      },
      {
        "name": "https",
        "protocol": "TCP",
        "port": 443,
        "targetPort": 443,
        "nodePort": 31512
      }
    ],
    "selector": {
      "app": "nginx-ingress",
      "component": "controller",
      "release": "austere-rattlesnake"
    },
    "clusterIP": "10.0.9.72",
    "type": "LoadBalancer",
    "sessionAffinity": "None",
    "externalTrafficPolicy": "Local",
    "healthCheckNodePort": 32267
  },
  "status": {
    "loadBalancer": {
      "ingress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    }
  }
}