AKS — IP access control by NGINX Ingress Controller

Photo by Nadine Shaabana on Unsplash

Case:

We have multiple web applications deployed on Kubernetes (AKS) and we try to allow each one to access only from a specific IP address.

The general procedure is as follows.

• As a preliminary preparation, deploy Ingress Controller with Helm.
• Deploy an Ingress resource with a white list as access control.

Preparation:

We will need install helm, helm installation follow the official instructions to install.

$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 700 get_helm.sh
$ ./get_helm.sh

Let’s start

Deploy Ingress Controller

Create a namespace for Ingress.

root@vagrant:/home/vagrant# kubectl create namespace ingress-basic
namespace/ingress-basic created

Deploy the NGINX Ingress Controller in Helm. In the official procedure of AKS, nodeSelector is specified, but since there are not multiple types of Node, it is omitted and the replica is also reduced to 1.

It is also important to specify externalTrafficPolicy = Local at this time . This allows you to work with the…