hcloud-cloud-controller-manager icon indicating copy to clipboard operation
hcloud-cloud-controller-manager copied to clipboard
verified publisher icon hetznercloud

LoadBalancer Source Ranges

Open dcardellino opened this issue 3 years ago • 2 comments

Hello together,

Does Hetzner LoadBalancer provide or plans to provide to support an annotation like on AWS, to restrict the ip addresses that can access the loadbalancer service? The AWS ELB annotations is this one: service.beta.kubernetes.io/load-balancer-source-ranges where you can specify CIDRs that are allowed to access the NLB.

Thanks in advance,

Dom

dcardellino avatar May 24 '22 13:05 dcardellino

At the moment Hetzner firewall cannot be applied to load balancers, so this is not technically possible: https://docs.hetzner.com/cloud/firewalls/faq/#can-firewalls-be-applied-to-my-hetzner-cloud-load-balancers

Even if not quite the same, you could use an ingress behind the load balancer to do something similar: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#whitelist-source-range

hakman avatar May 24 '22 14:05 hakman

@hakman do you have an example how your Helm values would look like for the nginx-ingress controller? Especially for the required annotations for the load balancer.

sebastiangaiser avatar Jun 27 '22 13:06 sebastiangaiser

This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.

github-actions[bot] avatar Aug 27 '22 13:08 github-actions[bot]

Helped out with a HAProxy deployment where I filter ip addresses.

dcardellino avatar Aug 28 '22 05:08 dcardellino