I would like to allow access to my K8S cluster only from some set of IPs. So I’ve implemented the approach discussed here https://istio.io/docs/tasks/policy-enforcement/denial-and-list/#ip-based-whitelists-or-blacklists.
The problem I am facing is that
origin.ip value does not contain the original IP address of visitor but load balancer IP. When I switch Istio ingress gateway
origin.ip is propagated.
externalTrafficPolicy is set to
Local network routing stop working with error
upstream connect error or disconnect/reset before headers. reset reason: connection termination.
I am on Istio 1.1.8.
Could anyone advise?