Ingress Mapping

Our pre-configured ingress controller runs nginx-controller. More information about configuration can be found in Ingress Options.

Whitelisting

If you want to limit access to a service, this can be done with the help of whitelisting:

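apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    # Comma-separated CIDR ranges that are allowed to reach this Ingress
    nginx.ingress.kubernetes.io/whitelist-source-range: <IP RANGES>
spec:
  rules:
  - http:
      paths:
      - path: /
        # pathType is a required field in networking.k8s.io/v1
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80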

Running Nexus in Kubernetes with Whitelisting

Not all nodes can pull images from my Nexus

If you encounter issues with nodes that cannot pull images, make sure all load-balancer node host IP addresses and 10.244.0.0 are allowed in the whitelist.

  • When a connection is established between a host and one of its pods, the network stack does not use NAT. Instead, a direct link is created between the host IP and the pod IP.
  • 10.244.0.0 is used when a node uses the Kubernetes network stack instead of a direct connection.

These connections do not use the internet, are always local to the Kubernetes stack, and do not pose a security risk.
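
The whitelist check described above can be run before applying the Ingress. This is an added example, not part of the original page. It assumes a hypothetical helper `missing_sources`, constructed sample addresses, and a /16 prefix for the pod network (the page gives only 10.244.0.0).

```python
import ipaddress


def parse_ranges(value):
    """Parse a comma-separated whitelist-source-range value into networks."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False: a bare address is treated as a single host here
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def missing_sources(annotation, required):
    """Return the required sources that no whitelist entry fully covers."""
    allowed = parse_ranges(annotation)
    missing = []
    for src in required:
        net = ipaddress.ip_network(src, strict=False)
        # A source is covered only if it lies entirely inside one entry;
        # the version check avoids comparing IPv4 with IPv6 networks.
        covered = any(
            net.version == entry.version and net.subnet_of(entry)
            for entry in allowed
        )
        if not covered:
            missing.append(src)
    return missing


# Constructed sample values (documentation address ranges, not real hosts)
ANNOTATION = "203.0.113.0/24, 192.0.2.10/32, 192.0.2.11/32"
NODE_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
POD_NETWORK = "10.244.0.0/16"  # prefix length is an assumption

if __name__ == "__main__":
    for src in missing_sources(ANNOTATION, NODE_IPS + [POD_NETWORK]):
        print("not whitelisted:", src)
```

Any source it reports would be rejected by the Ingress, which matches the symptom of some nodes failing to pull images.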