Our pre-configured ingress-controller is running nginx-controller. More information about configuration can be found here Ingress Options.
If you want to limit access to a service can it be done with the help of whitelisting
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nginx annotations: nginx.ingress.kubernetes.io/whitelist-source-range: <IP RANGES> spec: rules: - http: paths: - path: / backend: service: name: nginx port: number: 80
Running Nexus in Kubernetes with Whitelisting¶
Not all nodes can pull images from my Nexus¶
If you encounter issues with nodes that can not pull images, make sure all load-balancer node host IP addresses and
10.244.0.0 is allowed in the whitelist.
- When a connection is established between a host and one of its pods, the network stack does not use NAT. Instead, a direct link is created between the host IP and the pod IP.
10.244.0.0is used when node uses the Kubernetes network stack instead of direct connection.
These connections will not use the internet and always be local to the Kubernetes Stack and do not pose a security risk.