Container for continually ensuring that a Kubernetes Ingress resources is restricted only to a set of whitelisted networks (CIDR ranges) based on a list of named networks.
This container will:
- Search for a configuration map (whose name is provided as an environment variable) that will contain a mapping between network names and CIDR ranges.
- Watch Ingress resources with the annotation
ingress.infolinks.com/networks - For each such Ingress resource:
- Build a CIDR list from the combined CIDR ranges of all networks referenced in
ingress.infolinks.com/networks - Add/update the Kubernetes annotation
ingress.kubernetes.io/whitelist-source-rangewith the CIDR list
- Build a CIDR list from the combined CIDR ranges of all networks referenced in
When running externally to a Kubernetes cluster, make sure that you configure kubectl to properly access your cluster.
If this container is running inside a Kubernetes cluster, you just need to make sure the Pod running this container
has the RBAC permissions to use kubectl.
Any contribution to the project will be appreciated! Whether it's bug reports, feature requests, pull requests - all are welcome, as long as you follow our contribution guidelines for this project and our code of conduct.