Security

Access control

By default, the applications on your Stackspin cluster will be exposed to the whole internet (although they are password protected).

If you like to limit who can access your cluster resources you can configure the Stackspin ingress (ingress-nginx) to only accept connections from a certain IP address or range.

Follow the Customize Stackspin applications instructions, but use the following secret as install/overrides/stackspin-nginx-override.yml and apply the secret in the stackspin namespace instead of stackspin-apps. Replace the source range with the IP address ranges you want to allow.

---
apiVersion: v1
kind: secret
metadata:
  name: stackspin-nginx-override
data:
  values.yaml: |
    controller:
      config:
        # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range
        # comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.
        whitelist-source-range: 1.2.3.4/24