Asking for help? Comment out what you need so we can get more information to help you!
Kubernetes version: 1.22.15-gke.2500
Cloud being used: GCP
Installation method: GKE cluster
Host OS: Linux based GCP images
CNI and version: n/a
CRI and version: n/a
I am trying to restrict keycloak admin context (https://myserver.domain.com/auth/admin/*) to specific IPs only, However, want to keep other context open for all (Eg. /).
The service is running in GKE cluster with LoadBalancer, Nginx Ingress and backend. Below are the two configs created to achieve the above requirement.
Ingress1 is working and accessible to all including /auth/admin/*
annotations: nginx.ingress.kubernetes.io/affinity: cookie labels: app.kubernetes.io/managed-by: Helm name: kc-ingress namespace: kc spec: ingressClassName: nginx rules: host: my.domain.com http: paths: backend: service: name: kc-service port: number: 80 path: / pathType: ImplementationSpecific
Ingress2 is created to restrict the /auth/admin/* which is not working as expected.
kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/whitelist-source-range: x.x.x.x/32 labels: app.kubernetes.io/managed-by: Helm name: kc-ingress-restricted namespace: kc spec: ingressClassName: nginx rules: host: my.domain.com http: paths: backend: service: name: kc-service port: number: 80 path: /auth/admin/(.*) pathType: Prefix
Not sure what else is missing here.