whitelist ingress ip source range #114
Conversation
|
I think this will break things for cases where we run multiple ingress classes. Would be great if we could separate PRs. The white listing of the IPs would be good to get in... |
|
Whitelist all is a good thing @gianrubio . Can you separate the PRs as requested? Another option for whitelisting would be an external watched on lego's ingress rule and patch it with the whitelist annotation whenever it changes (ugly, I know). |
gianrubio
force-pushed
the
fix-ingress-class
branch
from
4704495 to
bdc891f
Compare
gianrubio
force-pushed
the
fix-ingress-class
branch
from
bdc891f to
dfc5b4c
Compare
gianrubio
changed the title
|
@simonswine done! |
|
@simonswine are we good to merge this now? I'm unable to see the original commit to make a judgement myself! Looks good to me otherwise. |
|
This definitely broke IPv6, since "0.0.0.0/0" does not match any IPv6 address. This means all IPv6-sourced addresses are denied. Edit: The nginx annotation DOES allow specification of multiple IPs, separated by comma: configmap.go |
whitelist all ips for acme http challenge path
fix #203