ConfigMap setting whitelist-source-ranges doesn't work

[gjcarneiro]

I have this configmap:

apiVersion: v1
data:
  disable-ipv6: "true"
  proxy-read-timeout: "3600"
  proxy-send-timeout: "3600"
  use-proxy-protocol: "true"
  whitelist-source-range: 10.122.0.0/16
kind: ConfigMap

But nginx controller (version 0.9.0.beta.3) totally ignores whitelist-source-range. I have some Ingress resources with the ingress.kubernetes.io/whitelist-source-range annotation, to explicitly say which IPs to allow, but I also have one Ingress resource without any annotation. It is my understanding that, in the absence of a specific annotation in an Ingress then the default whitelist-source-range from the ConfigMap should apply. It doesn't apply, in my experience.

Did I understand incorrectly, or is it a bug?

[snoby]

I'm not 100% sure but i don't think white listing will work if you are using ssl_passthrough...

[gjcarneiro]

Well, white listing certainly does work in my setup, but only for resources explicitly annotated with ingress.kubernetes.io/whitelist-source-range.

My only issue is that the config map's whitelist-source-range option should provide a default value for the Ingress resources that don't provide a ingress.kubernetes.io/whitelist-source-range annotation, but the default value never seems to apply.

[apgapg]

Somehow this isnt working.
I dont see the IP in generated nginx.conf

I have also applied externalTrafficPolicy: "Local"
I cant use ingress as my connection is TCP with port 5432 (postgres database)

[apgapg]

Looks like this setting doesnt work on TCP config map.
I have tried patching TCP config map with IP whitelisting but no help