Whitelisting Annotation?

[aharper273]

I do not see a way to add a whitelist of IPs using an annotation. Is this a planned feature?

Something like nginx.org/whitelist-source-range followed by a list of comma-separated IPs? This would be very useful and I have yet to find a way to do it using this ingress.

If this isn't a planned feature, is there a way to do this manually? Would that involve writing a custom annotation and restarting my ingress?

[pleshakov]

@aharper273
There are two options for whitelisting in Ingress resources:

• custom annotation. see an example for allow and deny directives -- https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/custom-annotations.md#helper-functions Note: the utilized helper functions feature is available in the edge version and will be available in 1.6.0 later this year.
• snippets annotation:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress
  annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.org/server-snippets: "allow 192.168.1.3; deny all;"

Is this a planned feature?

We're planning to support policies such as auth, rate-limiting, request/response manipulation in our custom resources https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/virtualserver-and-virtualserverroute.md The polices will include whitelisting. We will be bringing support for polices in 1.7.0 release next year.