Cluster information:
Kubernetes version: 1.22.15-gke.2500
Cloud being used: GCP
Installation method: GKE cluster
Host OS: Linux based GCP images
CNI and version: n/a
CRI and version: n/a
I am trying to restrict the Keycloak admin context (https://myserver.domain.com/auth/admin/*) to specific IPs only. However, I want to keep the other contexts open for all (e.g. /).
The service is running in a GKE cluster with a LoadBalancer, Nginx Ingress and backend. Below are the two configs created to achieve the above requirement.
Ingress1 is working and accessible to all, including /auth/admin/*.
Nginx Ingress1:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/affinity: cookie
  labels:
    app.kubernetes.io/managed-by: Helm
  name: kc-ingress
  namespace: kc
spec:
  ingressClassName: nginx
  rules:
    - host: my.domain.com
      http:
        paths:
          - backend:
              service:
                name: kc-service
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
Ingress2 is created to restrict the /auth/admin/* which is not working as expected.
Nginx Ingress2:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: x.x.x.x/32
  labels:
    app.kubernetes.io/managed-by: Helm
  name: kc-ingress-restricted
  namespace: kc
spec:
  ingressClassName: nginx
  rules:
    - host: my.domain.com
      http:
        paths:
          - backend:
              service:
                name: kc-service
                port:
                  number: 80
            path: /auth/admin/(.*)
            pathType: Prefix
Not sure what else is missing here.
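
An added example, not part of the original post: one way to write the restricted Ingress with a plain prefix path instead of a regex. A `Prefix` path is matched literally, element by element, and ingress-nginx only treats a path as a regular expression when `nginx.ingress.kubernetes.io/use-regex` is set. Assumptions: the controller sees the real client IP, and `x.x.x.x/32` is the placeholder CIDR from the post.

```yaml
# Added example: second Ingress for the same host that covers only the
# admin path and carries the source-range restriction.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kc-ingress-restricted
  namespace: kc
  annotations:
    # Placeholder CIDR from the post. Clients outside the listed ranges
    # receive 403 for the paths defined in this Ingress only.
    nginx.ingress.kubernetes.io/whitelist-source-range: x.x.x.x/32
spec:
  ingressClassName: nginx
  rules:
    - host: my.domain.com
      http:
        paths:
          # Literal prefix, no regex: matches /auth/admin and every path
          # below it, such as /auth/admin/master/console.
          - path: /auth/admin
            pathType: Prefix
            backend:
              service:
                name: kc-service
                port:
                  number: 80
# The open Ingress (kc-ingress, path "/") stays as it is; the longer
# /auth/admin location takes precedence for admin requests.
```

The annotation is evaluated against the address the controller sees. With `externalTrafficPolicy: Cluster` on the controller's LoadBalancer Service, requests can arrive with a node address as source, so the allowlist only works as intended when the client IP is preserved (for example with `externalTrafficPolicy: Local`).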