I am trying exactly the same thing. I have the following config as a starter:

```yaml
apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: blacklistip
spec:
  compiledAdapter: listchecker
  params:
    providerUrl: http://urlist.com/ip.txt
    overrides: ["0.0.0.0.25"]
    blacklist: true
    entryType: IP_ADDRESSES
---
apiVersion: config.istio.io/v1alpha2
kind: instance
metadata:
  name: sourceip-blacklist
spec:
  compiledTemplate: listentry
  params:
    value: source.ip | ip("0.0.0.0")
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: checkip-whitelist
spec:
  match: source.labels["istio"] == "ingressgateway"
  actions:
  - handler: blacklistip
    instances: [ sourceip-blacklist ]
```
What parameter do I need to set in the handler? Could you help me out? I have already set externalTrafficPolicy
to Local for the istio ingressgateway service.
@jaygridley, did you get this running? Could you share the config with me if possible?
Regards,
Kevin
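
A small offline model of the check the config above asks for, added here as an illustration and not taken from the post or from Istio's code: it parses `IP_ADDRESSES`-style entries (single addresses or CIDR ranges) and applies blacklist semantics to a source address with the same `0.0.0.0` fallback as the instance. The function names, the sample provider entries and the choice to report unparseable entries instead of matching on them are assumptions of this example.

```python
import ipaddress


def parse_entries(entries):
    """Split list entries into parsed networks and strings that did not parse."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # A bare address becomes a /32 (or /128); strict=False tolerates
            # host bits being set in a CIDR entry such as 10.1.2.3/8.
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def check(source_ip, networks, blacklist=True, default="0.0.0.0"):
    """Return True when the request passes the list check.

    source_ip=None models a missing source.ip attribute, which the instance
    expression replaces with ip("0.0.0.0").
    """
    ip = ipaddress.ip_address(source_ip or default)
    listed = any(ip in net for net in networks if net.version == ip.version)
    return not listed if blacklist else listed


if __name__ == "__main__":
    # "0.0.0.0.25" is the override from the post; the other two entries are
    # constructed stand-ins for what the providerUrl list might contain.
    entries = ["0.0.0.0.25", "203.0.113.0/24", "198.51.100.7"]
    networks, rejected = parse_entries(entries)
    print("entries that are not an IP or CIDR:", rejected)

    # Constructed source addresses. If the gateway only ever sees a node
    # address instead of the client address, the list never matches, which is
    # why externalTrafficPolicy matters for this rule.
    for src in ["203.0.113.9", "198.51.100.7", "192.0.2.1", None]:
        verdict = "allow" if check(src, networks) else "deny"
        print(f"{src!s:>15} -> {verdict}")
```

Running the entries of a real list through `parse_entries` before deploying the handler shows which lines would need correcting.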