
How do I restrict access to Kubernetes service?

Tags:

kubernetes

I am trying to create a service using the following YAML. As you can see, I am trying to restrict access to the service from the 10.0.0.0/8 range.

apiVersion: v1
kind: Service
metadata: 
  name: nginx-service
spec: 
  ports:
    # the port that this service should serve on
    - port: 443
      targetPort: 443
  # label keys and values that must match in order to receive traffic for this service
  selector: 
    name: nginx
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8

There are a few Kubernetes documents (listed below) that discuss how to use the loadBalancerSourceRanges annotation to control service access.

http://kubernetes.io/docs/user-guide/services-firewalls/

However, when I try to create this service, I get an error as follows:

error validating "sdp-cluster.yaml": error validating data: found invalid field loadBalancerSourceRanges for v1.ServiceSpec; if you choose to ignore these errors, turn validation off with --validate=false

I looked at the v1.ServiceSpec and could not find it there either.

Am I missing something? How can I restrict traffic to a service in Kubernetes?

Sanjeet asked Jul 13 '16 19:07


1 Answer

This is now supported on GCE, GKE and AWS. If the provider does not support it, it'll be ignored. (Kubernetes Doc)

apiVersion: v1
kind: Service
metadata:
    name: myapp
spec:
    ports:
    - port: 8765
      targetPort: 9376
    selector:
        app: example
    type: LoadBalancer
    # only clients in these CIDR ranges may reach the load balancer
    loadBalancerSourceRanges:
    - 10.0.0.0/8
Pouya Naghizadeh answered Sep 30 '22 21:09
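Because an unsupported provider silently ignores the field, it helps to at least confirm which LoadBalancer Services declare a restriction at all. The following audit is an added example, not code from the question or the answer: it reads Service objects in the shape of `kubectl get svc -A -o json` and reports those with no source ranges, an invalid CIDR, or a range that covers every address. The function names and the sample data are constructed for illustration, and the annotation key is the older annotation form of the same setting.

```python
import ipaddress

# Older annotation form of the same setting (comma-separated CIDRs).
ANNOTATION = "service.beta.kubernetes.io/load-balancer-source-ranges"

def source_ranges(svc):
    """Return the CIDRs a Service declares, from the spec field or the annotation."""
    ranges = svc.get("spec", {}).get("loadBalancerSourceRanges") or []
    if not ranges:
        raw = (svc.get("metadata", {}).get("annotations") or {}).get(ANNOTATION, "")
        ranges = [r.strip() for r in raw.split(",") if r.strip()]
    return ranges

def audit(service_list):
    """Return (namespace/name, finding) pairs for weakly restricted LoadBalancer Services."""
    findings = []
    for svc in service_list.get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services are exposed through the provider
        meta = svc.get("metadata", {})
        name = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        ranges = source_ranges(svc)
        if not ranges:
            findings.append((name, "no source ranges: open to all clients"))
            continue
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((name, f"invalid CIDR {cidr!r}"))
                continue
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append((name, f"{cidr} allows every address"))
    return findings

# Constructed sample in the shape of `kubectl get svc -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "nginx-service", "namespace": "default"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8"]}},
    {"metadata": {"name": "open-lb", "namespace": "default"}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "wide-lb", "namespace": "web",
                  "annotations": {ANNOTATION: "10.0.0.0/8, 0.0.0.0/0"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "internal", "namespace": "web"}, "spec": {"type": "ClusterIP"}},
]}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A clean result only shows that a restriction is declared; whether the cloud provider enforces it still has to be checked against the load balancer's own firewall rules.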