Enabling whitelisting to the Public facing Ingress

Support
,
1

Unable to configure IP whitelisting on Ingress level

I want to access the public-facing ingress using Pomerium as an ingress class with IP whitelisting.
Currently, It is possible with the Ingress-nginx controller using the nginx.ingress.kubernetes.io/whitelist-source-range annotation but the same is not working with the Pomerium ingress controller.

How’d it happen?

  1. Ran x
  2. Clicked y
  3. Saw error z

What’s your environment like?

  • Pomerium version (retrieve with pomerium --version): v0.25.0
  • Server Operating System/Architecture/Cloud: AWS EKS

What’s your config.yaml?

apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  authenticate:
    url: https://authenticate.{{ .Values.cluster.tenant }}-{{ .Values.cluster.name }}.{{ .Values.cluster.env }}.{{ .Values.cluster.dns_region }}.domain_name
  certificates:
    - caas-security/pomerium-cert
  identityProvider:
    provider: oidc
    url: {{ .Values.cluster.dex_url }}
    secret: caas-security/idp-dex
  secrets: caas-security/bootstrap

What did you see in the logs?

Nothing

Additional context

Add any other context about the problem here.

2

Hi Arun!

Are you trying to do this? Well Known IP Ranges | Pomerium

If yes, would you like a trial key?

3

Hi There,

I understand the solution provided by you but I am looking for an open source solution for the whitelisting.
Can you please help me to understand how we can achieve that?

We are using Pomerium OSS for our solution.