0
votes

I have a k8s cluster deployed on AWS. I created a LoadBalancer service with the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443". Now I see that k8s created a new ELB attached to an SG with an outbound rule for 443 open to 0.0.0.0/0. I tried to find an additional annotation that manages source IPs (predefined IPs instead of 0.0.0.0) and couldn't find one. Do you know if there is an option to manage this as part of the annotations?

1
Which ingress are you using? nginx-ingress? - mchawre
Generally yes, but in this case I'm not using ingress but an external load balancer - Roee Rakovsky
@RoeeRakovsky loadBalancerSourceRanges works on AWS and gcloud - c4f4t0r

1 Answer

1
votes

Make use of loadBalancerSourceRanges in the LoadBalancer service resource, as described here.

apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8

Update:

In the case of nginx-ingress, you can use the nginx.ingress.kubernetes.io/whitelist-source-range annotation.

For more info check this.