Access restriction by IP address
When installing the ingress controller in production environments, you should consider configuring a CIDR block in the Helm chart for the ingress controller so that you restrict access to worker nodes from a specific IP address or a range of IP addresses.
To specify a range of IP addresses allowed to access resources controlled by the
ingress controller, specify the
--set controller.service.loadBalancerSourceRanges=your IP range option
when you install your ingress controller.
For example:
$ helm install --namespace nginx --name nginx \
--set rbac.create=true \
--set controller.publishService.enabled=true \
--set controller.stats.enabled=true \
--set controller.service.externalTrafficPolicy=Local \
--set controller.service.type=LoadBalancer \
--set controller.image.tag="0.21.0" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-type"="nlb" \
--set controller.service.loadBalancerSourceRanges="{81.0.0.0/8,3.56.113.4/32}" \
stable/nginx-ingress