Access Restriction by IP Address
When installing the ingress controller in production environments, consider configuring a CIDR block in the Helm chart for the ingress controller so that access to worker nodes is restricted to a specific IP address or a range of IP addresses.
To specify a range of IP addresses allowed to access resources controlled by the ingress controller, specify the --set controller.service.loadBalancerSourceRanges=your IP range option when you install your ingress controller.
For example:
$ helm install --namespace nginx --name nginx \
    --set rbac.create=true \
    --set controller.publishService.enabled=true \
    --set controller.stats.enabled=true \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.service.type=LoadBalancer \
    --set controller.image.tag="0.21.0" \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-type"="nlb" \
    --set controller.service.loadBalancerSourceRanges="{81.0.0.0/8,3.56.113.4/32}" \
    stable/nginx-ingress
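
A pre-install check for the ranges passed to controller.service.loadBalancerSourceRanges, showing how much each block actually admits. This is an added example, not part of the chart or its documentation; the function name check_source_ranges and the /16 review threshold are assumptions made for illustration.

```python
import ipaddress

BROAD_PREFIX_V4 = 16  # assumption: IPv4 prefixes shorter than /16 get flagged for review


def check_source_ranges(cidrs, broad_prefix=BROAD_PREFIX_V4):
    """Vet CIDR blocks meant for controller.service.loadBalancerSourceRanges.

    Returns (helm_value, findings). helm_value is the "{a,b}" list form used
    with `helm --set`, or None if any entry is an error. findings is a list
    of (cidr, severity, message) tuples.
    """
    nets, findings = [], []
    for raw in cidrs:
        text = raw.strip()
        try:
            # strict=True rejects blocks with host bits set, e.g. 3.56.113.4/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append((text, "error", f"invalid CIDR block: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append((text, "error", "matches every source address"))
        elif net.version == 4 and net.prefixlen < broad_prefix:
            findings.append((text, "warn", f"admits {net.num_addresses:,} source addresses"))
        nets.append(net)

    # An entry already contained in another one adds nothing to the allow list.
    for a in nets:
        for b in nets:
            if a is not b and a.version == b.version and a != b and a.subnet_of(b):
                findings.append((str(a), "info", f"already covered by {b}"))

    if any(severity == "error" for _, severity, _ in findings):
        return None, findings
    return "{" + ",".join(str(n) for n in nets) + "}", findings


if __name__ == "__main__":
    # The ranges from the helm command above.
    value, notes = check_source_ranges(["81.0.0.0/8", "3.56.113.4/32"])
    for cidr, severity, message in notes:
        print(f"{severity}: {cidr}: {message}")
    if value is not None:
        print(f'--set controller.service.loadBalancerSourceRanges="{value}"')
```

Run against the ranges in the command above, it accepts both entries and flags 81.0.0.0/8 as broad.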