
Whitelist an IP to access deployment with Kubernetes ingress Istio


Have a look at the annotation overview; it seems that whitelist-source-range is not supported by Istio:

whitelist-source-range: Comma-separate list of IP addresses to enable access to.

nginx, haproxy, trafficserver


I managed to solve the IP address whitelisting problem for my Istio-based service (an app that uses the Istio proxy and is exposed through the Istio ingress gateway via a public LB) using NetworkPolicy.

For my case, here is the topology:

Public Load Balancer (in GKE, using preserve clientIP mode) ==> A dedicated Istio Gateway Controller Pods (see my answer here) ==> My Pods (istio-proxy sidecar container, my main container).

So, I set up 2 network policies:

  1. A NetworkPolicy that guards incoming connections from the internet to my Istio Ingress Gateway Controller Pods. In my network policy configuration, I just have to set the spec.podSelector.matchLabels field to the pod label of the dedicated Istio Ingress Gateway Controller Pods.

  2. Another NetworkPolicy that limits incoming connections to my Deployment -> only from the Istio Ingress Gateway Controller pods/deployments.
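
The two policies described in the answer above could look like the following manifest. This is an added example, not the answer author's own configuration; every name, namespace, label, port and CIDR in it is an assumption to be replaced with the values from your cluster.

```yaml
# Added example; all names, labels, ports and CIDRs below are assumptions.
# Policy 1: only the whitelisted source range may reach the gateway pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingressgateway-allow-whitelist   # hypothetical name
  namespace: istio-system                # assumed gateway namespace
spec:
  podSelector:
    matchLabels:
      istio: dedicated-ingressgateway    # assumed label on the gateway pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 203.0.113.0/24         # constructed example range (TEST-NET-3)
      ports:
        - protocol: TCP
          port: 8443                     # assumed container port of the gateway
---
# Policy 2: the application pods accept traffic only from the gateway pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: app-allow-from-ingressgateway    # hypothetical name
  namespace: my-app                      # assumed application namespace
spec:
  podSelector:
    matchLabels:
      app: my-app                        # assumed label on the application pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in ONE list item are ANDed:
        # gateway pods in istio-system only. Two separate items would be ORed.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: istio-system
          podSelector:
            matchLabels:
              istio: dedicated-ingressgateway
      ports:
        - protocol: TCP
          port: 8080                     # assumed application port
```

Ingress NetworkPolicy rules take effect only when the cluster's network plugin enforces them, and the ipBlock match in the first policy depends on the client source IP being preserved up to the gateway pods, as in the topology described above.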