Nginx generating a wrong whitelist-source-range #558

Closed
gianrubio opened this issue Apr 5, 2017 · 2 comments · Fixed by #568

gianrubio commented Apr 5, 2017

I have 2 ingresses for the same domain, and apparently after PR #517 nginx generates a wrong whitelist-source-range.

apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      ingress.kubernetes.io/whitelist-source-range: 23.135.13.124/32
      kubernetes.io/ingress.class: extern
    name: acl
    namespace: xxx
  spec:
    rules:
    - host: my.staging.eu
      http:
        paths:
        - backend:
            serviceName: default-http-backend
            servicePort: 80
          path: /health-check
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      ingress.kubernetes.io/whitelist-source-range: 23.135.13.124/32
      kubernetes.io/ingress.class: extern
      kubernetes.io/tls-acme: "false"
    name: xxx-extern
    namespace: xxx
  spec:
    rules:
    - host: my.staging.eu
      http:
        paths:
        - backend:
            serviceName: my_service
            servicePort: 80
          path: /
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
      kubernetes.io/ingress.class: extern
      kubernetes.io/tls-acme-challenge-endpoints: "true"
    generation: 1
    name: kube-lego-extern
    namespace: kube-system
  spec:
    rules:
    - host: my.staging.eu
      http:
        paths:
        - backend:
            serviceName: kube-lego-extern
            servicePort: 8080
          path: /.well-known/acme-challenge

Generated nginx.conf

   server_name my.staging.eu;
      ....

        location /health-check {
            set $proxy_upstream_name "staging-default-http-backend-80";

            allow 23.135.13.124/32;
            deny all;
...
...

   location / {
            set $proxy_upstream_name "staging-xxx-80";

            allow 0.0.0.0/0; < ====== It's wrong
            deny all;
....

gianrubio changed the title from "whitelist source range br" to "Nginx generating wrong whitelist-source-range" on Apr 5, 2017
gianrubio changed the title from "Nginx generating wrong whitelist-source-range" to "Nginx generating a wrong whitelist-source-range" on Apr 5, 2017

ashb commented Apr 5, 2017

Is 0.0.0.0/0 the default whitelist range from your config map?

@gianrubio

No, I don't have this option in the configmap, just in the ingress.
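
A post-render check for the mismatch reported in this issue, added here as an example (not code from the ingress controller or from the participants in this thread): it compares each Ingress's `whitelist-source-range` annotation with the `allow` directives in the matching `location` block of the generated nginx.conf. The tuples and the nginx.conf fragment are constructed from the values in the report; the function names are hypothetical, and the parser assumes plain prefix locations without nested blocks.

```python
import re

# Constructed inputs mirroring the issue: (host, path, annotation) tuples and an nginx.conf fragment.
INGRESSES = [
    ("my.staging.eu", "/health-check", "23.135.13.124/32"),
    ("my.staging.eu", "/", "23.135.13.124/32"),
    ("my.staging.eu", "/.well-known/acme-challenge", "0.0.0.0/0"),
]

NGINX_CONF = """
server {
    server_name my.staging.eu;
    location /health-check {
        allow 23.135.13.124/32;
        deny all;
    }
    location / {
        allow 0.0.0.0/0;
        deny all;
    }
    location /.well-known/acme-challenge {
        allow 0.0.0.0/0;
        deny all;
    }
}
"""

def rendered_allows(conf):
    """Map (server_name, location path) -> set of CIDRs from its allow directives."""
    result = {}
    for server in re.split(r"(?m)^\s*server\s*\{", conf)[1:]:
        name = re.search(r"server_name\s+(\S+?);", server)
        host = name.group(1) if name else None
        for path, body in re.findall(r"location\s+(\S+)\s*\{([^{}]*)\}", server):
            result[(host, path)] = set(re.findall(r"allow\s+(\S+?);", body))
    return result

def audit(ingresses, conf):
    """Return (host, path, expected, rendered) for every location that differs from its annotation."""
    rendered = rendered_allows(conf)
    findings = []
    for host, path, annotation in ingresses:
        want = {cidr.strip() for cidr in annotation.split(",")}
        got = rendered.get((host, path), set())
        if want != got:
            findings.append((host, path, sorted(want), sorted(got)))
    return findings

if __name__ == "__main__":
    print(audit(INGRESSES, NGINX_CONF))
```

On the constructed input it flags only `location /`, where the rendered `allow 0.0.0.0/0` replaces the annotated `23.135.13.124/32` and opens the path to every source address.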
