how to access application only for VPN user..

[techsachin1]

one of my application is access by external users. i have to restrict that application to VPN user only.. i tried with whielist but when i apply whitlist in annotation it block all user. kindly suggest me what to do

this is my ingress rule
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kafdrop-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/whitelist-source-range: x.x.x.x/32 (VPN user ip range)
spec:
tls:

hosts:
abc-a.xyz
secretName: kafdrop-tls
rules:
host: abc-a.xy
http:
paths:

• pathType: Prefix
  path: "/"
  backend:
  service:
  name: kafdrop
  port:
  number: 9000
  this is my configuration... iam using Load balance also. when i apply this , all traffic get blocked after putting whitelist annotation.. please suggest way . i need to only VPN user to access this abc-a.xyz url

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cariorus]

#2096 (comment)

Hello, i think that is a bug.
"ingress.kubernetes.io/whitelist-source-range" can work !

[cariorus]

I apology give you error message, resolve

1. kubectl describe service ingress-nginx-controller -n ingress-nginx
2. External Traffic Policy Values need is: Local, not Cluster

my use helm deploy

  helm -n ingress-nginx upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
      --set controller.service.externalTrafficPolicy=Local

[github-actions]

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

[sensyblee]

I apology give you error message, resolve

1. kubectl describe service ingress-nginx-controller -n ingress-nginx
2. External Traffic Policy Values need is: Local, not Cluster

my use helm deploy

  helm -n ingress-nginx upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
      --set controller.service.externalTrafficPolicy=Local

this worked for me, thank you
I did not use helm, instead i updated this option on ingress-nginx-controller service

[cariorus]

I apology give you error message, resolve

1. kubectl describe service ingress-nginx-controller -n ingress-nginx
2. External Traffic Policy Values need is: Local, not Cluster

my use helm deploy

  helm -n ingress-nginx upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
      --set controller.service.externalTrafficPolicy=Local

this worked for me, thank you I did not use helm, instead i updated this option on ingress-nginx-controller service

you're welcome 😁

[yoges24]

I did the same but its not working for me. I have updated the externalTrafficPolicy from Cluster to Local

[longwuyuan]

No action item for project here.

/remove-kind feature
/kind support
/close

[k8s-ci-robot]

@longwuyuan: Closing this issue.

In response to this:

No action item for project here.

/remove-kind feature
/kind support
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.