Security
Access control
By default, the applications on your Stackspin cluster will be exposed to the whole internet (although they are password protected).
If you like to limit who can access your cluster resources you can configure the Stackspin ingress (ingress-nginx) to only accept connections from a certain IP address or range.
Follow the Customize Stackspin applications instructions, but use the following
secret as install/overrides/stackspin-nginx-override.yml
and apply the secret in
the stackspin
namespace instead of stackspin-apps
. Replace the source range with the
IP address ranges you want to allow.
---
apiVersion: v1
kind: secret
metadata:
name: stackspin-nginx-override
data:
values.yaml: |
controller:
config:
# https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range
# comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.
whitelist-source-range: 1.2.3.4/24