Skip to content

Instantly share code, notes, and snippets.

@jackofallops
Last active March 23, 2018 08:16
Show Gist options
  • Save jackofallops/36d10860c30b9eefe8311a2a48aac753 to your computer and use it in GitHub Desktop.
Save jackofallops/36d10860c30b9eefe8311a2a48aac753 to your computer and use it in GitHub Desktop.
Kubernetes ingress-nginx Azure loadbalancer - enabling whitelisting
# In order for the nginx-ingress controller to correctly process the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation
# it is necessary to set the `externalTrafficPolicy` to `Local` from `Cluster`. This allows the external IP to be visible to the
# controller, rather than the internal addressing (resultng in 403's for all sources).
# template of a "patch" can be found in the main project: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/azure/service.yaml
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "austere-rattlesnake-nginx-ingress-controller",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/austere-rattlesnake-nginx-ingress-controller",
"uid": "2d4773d5-2c42-11e8-b9b2-0a58ac1f041c",
"resourceVersion": "131544",
"creationTimestamp": "2018-03-20T13:25:37Z",
"labels": {
"app": "nginx-ingress",
"chart": "nginx-ingress-0.11.1",
"component": "controller",
"heritage": "Tiller",
"release": "austere-rattlesnake"
}
},
"spec": {
"ports": [
{
"name": "http",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 31092
},
{
"name": "https",
"protocol": "TCP",
"port": 443,
"targetPort": 443,
"nodePort": 31512
}
],
"selector": {
"app": "nginx-ingress",
"component": "controller",
"release": "austere-rattlesnake"
},
"clusterIP": "10.0.9.72",
"type": "LoadBalancer",
"sessionAffinity": "None",
"externalTrafficPolicy": "Local",
"healthCheckNodePort": 32267
},
"status": {
"loadBalancer": {
"ingress": [
{
"ip": "1.2.3.4"
}
]
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment