Ensure installers can limit ingress access from public internet #100
Assignees
Labels
kind/enhancement
Improvements or new features
Comments
phillipedwards
added
kind/enhancement
|
Just dumping this here for later: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range |
|
@phillipedwards Are you aversed to using cloud-specific ingress methods: by that I mean we've got load balancer ingress for EKS, and there's an API Gateway ingress for AKS (although there was a limitation in CORS which is why it's not being used right now) and presumably something similar for GKE |
|
@pierskarsenbarg I'm not however, we should be able to limit ingress with nginx ingress for all k8s fairly easily. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
Issue details
By default, public network access is assumed by all installers. This means the self-hosted service is open to all users much like app.pulumi.com, which is not ideal for customers. They'd likely want to restrict network access based on something like an IP range.
The ECS installer allows a config value, seen here where the user can provide a whitelist.
We should implement a similar configurable solution for all other solutions.
Because I like todo lists:
Affected area/feature
The text was updated successfully, but these errors were encountered: