Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document how to whitelist IPs #441

Closed
tamalsaha opened this issue Aug 31, 2017 · 4 comments

Comments

Projects
None yet
1 participant
@tamalsaha
Copy link
Member

commented Aug 31, 2017

"We are having issues when creating an ingress with the number of loadBalancerSourceRanges and open ports exceeding 50. The aws loadbalancer will not be created as error authorizing security group ingress: RulesPerSecurityGroupLimitExceeded. Amazon say that the maximum number of rules is 50 and cannot be increased. Is there possibly a way around this. Say to try bundle rules together or open all tcp for the loadBalancerSourceRanges "

One option will be to allow more IPs from outside. Then restrict at the HAProxy level . https://raymii.org/s/snippets/haproxy_restrict_specific_urls_to_specific_ip_addresses.html

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Aug 31, 2017

ingress.appscode.com/keep-source-ip: "true" must be used to ensure that HAproxy can see client IP.

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Aug 31, 2017

backendRule:
           - ‘acl network_allowed src 1.2.12.18’
           - ‘block if !network_allowed’

@tamalsaha tamalsaha added the breaking label Sep 5, 2017

@tamalsaha tamalsaha modified the milestones: 4.1.0, 3.2.0 Sep 5, 2017

@sadlil sadlil referenced this issue Sep 7, 2017

Merged

Frontend rules #467

@tamalsaha tamalsaha referenced this issue Sep 10, 2017

Closed

3.2.0 docs #474

3 of 3 tasks complete

@tamalsaha tamalsaha closed this Sep 11, 2017

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Sep 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.