Istio 1.0.5 on k8s 1.11.5 unableto specify source ip for ELB

ritz · March 18, 2019, 4:17am

Hello !
I need to specify the source ip and restrict the ip’s that are allowed to access my internal ELB on AWS.
Looks like k8s allows this by having the config like this

spec:
  loadBalancerSourceRanges:
  - "143.231.0.0/16"

I see there are ways to specify this in istio 1.1 but i cannot upgrade to 1.1 yet.
1 alternative i have is to directly modify my k8s config and add this spec . Please help

blaketastic2 · March 18, 2019, 11:28am

If you are trying to prevent outside traffic into your ELB, use this annotation:

gateways:
  istio-ingressgateway:
    serviceAnnotations:
        service.beta.kubernetes.io/load-balancer-source-ranges: "143.231.0.0/16"

ritz · March 21, 2019, 6:28pm

thank you so much @blaketastic2 i will try it out

Topic		Replies	Views
Get source IP addres of client Networking	1	656	February 20, 2021
Quick Sanity Check on Plain Istio Setup	0	388	March 12, 2020
Istio Ingress IP whitelisting Networking	14	6688	February 28, 2020
Istio ingressgateway with AWS ELB on private subnet	2	2226	March 27, 2019
Istio Ingress gateway with Network LoadBalancer Networking security	2	1369	June 16, 2020

Istio 1.0.5 on k8s 1.11.5 unableto specify source ip for ELB

Related Topics