Istio 1.0.5 on k8s 1.11.5 unableto specify source ip for ELB

ritz · March 18, 2019, 4:17am

Hello !
I need to specify the source ip and restrict the ip’s that are allowed to access my internal ELB on AWS.
Looks like k8s allows this by having the config like this

spec:
  loadBalancerSourceRanges:
  - "143.231.0.0/16"

I see there are ways to specify this in istio 1.1 but i cannot upgrade to 1.1 yet.
1 alternative i have is to directly modify my k8s config and add this spec . Please help

blaketastic2 · March 18, 2019, 11:28am

If you are trying to prevent outside traffic into your ELB, use this annotation:

gateways:
  istio-ingressgateway:
    serviceAnnotations:
        service.beta.kubernetes.io/load-balancer-source-ranges: "143.231.0.0/16"

ritz · March 21, 2019, 6:28pm

thank you so much @blaketastic2 i will try it out

Topic		Replies	Views
Istio Authorisation policy to allow specific external IP ranges Policies and Telemetry	0	720	February 23, 2021
Get source IP addres of client Networking	1	742	February 20, 2021
Quick Sanity Check on Plain Istio Setup	0	445	March 12, 2020
Istio Ingress IP whitelisting Networking	14	7101	February 28, 2020
Istio ingressgateway with AWS ELB on private subnet	2	2424	March 27, 2019

Istio 1.0.5 on k8s 1.11.5 unableto specify source ip for ELB

Related Topics