$ oc -n openshift-ingress-operator patch ingresscontroller/default \
--type=merge --patch='{"spec":{"endpointPublishingStrategy": \
{"loadBalancer":{"allowedSourceRanges":["0.0.0.0/0"]}}}}' (1)
You can specify a list of IP address ranges for the IngressController
. This restricts access to the load balancer service when the endpointPublishingStrategy
is LoadBalancerService
.
You can enable and configure the spec.endpointPublishingStrategy.loadBalancer.allowedSourceRanges
field. By configuring load balancer allowed source ranges, you can limit the access to the load balancer for the Ingress Controller to a specified list of IP address ranges. The Ingress Operator reconciles the load balancer Service and sets the spec.loadBalancerSourceRanges
field based on AllowedSourceRanges
.
If you have already set the |
You have a deployed Ingress Controller on a running cluster.
Set the allowed source ranges API for the Ingress Controller by running the following command:
$ oc -n openshift-ingress-operator patch ingresscontroller/default \
--type=merge --patch='{"spec":{"endpointPublishingStrategy": \
{"loadBalancer":{"allowedSourceRanges":["0.0.0.0/0"]}}}}' (1)
1 | The example value 0.0.0.0/0 specifies the allowed source range. |
If you have already set the annotation service.beta.kubernetes.io/load-balancer-source-ranges
, you can migrate to load balancer allowed source ranges. When you set the AllowedSourceRanges
, the Ingress Controller sets the spec.loadBalancerSourceRanges
field based on the AllowedSourceRanges
value and unsets the service.beta.kubernetes.io/load-balancer-source-ranges
annotation.
If you have already set the |
You have set the service.beta.kubernetes.io/load-balancer-source-ranges
annotation.
Ensure that the service.beta.kubernetes.io/load-balancer-source-ranges
is set:
$ oc get svc router-default -n openshift-ingress -o yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/load-balancer-source-ranges: 192.168.0.1/32
Ensure that the spec.loadBalancerSourceRanges
field is unset:
$ oc get svc router-default -n openshift-ingress -o yaml
...
spec:
loadBalancerSourceRanges:
- 0.0.0.0/0
...
Update your cluster to OKD 4.13.
Set the allowed source ranges API for the ingresscontroller
by running the following command:
$ oc -n openshift-ingress-operator patch ingresscontroller/default \
--type=merge --patch='{"spec":{"endpointPublishingStrategy": \
{"loadBalancer":{"allowedSourceRanges":["0.0.0.0/0"]}}}}' (1)
1 | The example value 0.0.0.0/0 specifies the allowed source range. |