digitalocean / digitalocean-cloud-controller-manager

Kubernetes cloud-controller-manager for DigitalOcean (beta)
Apache License 2.0

do-loadbalancer-allow-rules doesn't work (firewall is not configured) #692

Closed collimarco closed 6 months ago

collimarco commented 6 months ago

We have added this annotation to a DO Kubernetes Load Balancer:

https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md#servicebetakubernetesiodo-loadbalancer-allow-rules

The other annotations work properly, but the rule service.beta.kubernetes.io/do-loadbalancer-allow-rules doesn't have any effect.

We set it to:

service.beta.kubernetes.io/do-loadbalancer-allow-rules: "cidr:173.245.48.0/20,cidr:103.21.244.0/22,cidr:103.22.200.0/22,cidr:103.31.4.0/22,cidr:141.101.64.0/18,cidr:108.162.192.0/18,cidr:190.93.240.0/20,cidr:188.114.96.0/20,cidr:197.234.240.0/22,cidr:198.41.128.0/17,cidr:162.158.0.0/15,cidr:104.16.0.0/13,cidr:104.24.0.0/14,cidr:172.64.0.0/13,cidr:131.0.72.0/22,cidr:2400:cb00::/32,cidr:2606:4700::/32,cidr:2803:f800::/32,cidr:2405:b500::/32,cidr:2405:8100::/32,cidr:2a06:98c0::/29,cidr:2c0f:f248::/32"

Basically it should allow only Cloudflare IPs (https://www.cloudflare.com/ips/), but it doesn't work. We can still connect to the DO Kubernetes Load Balancer from other IPs.

collimarco commented 6 months ago

It works now; I had to remove the IPv6 ranges because they are not supported by the DO Load Balancer. In any case you are always connecting to them with IPv4, so removing IPv6 from the firewall shouldn't be a problem.

That was the root cause of this issue.
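A small pre-apply checker for this annotation value, added here as an example and not part of the cloud-controller-manager project: it parses the `cidr:` list (the only rule form used in this issue; any other form is treated as an error, an assumption), separates the IPv6 ranges the DO Load Balancer will not apply, rebuilds an IPv4-only value, and tests whether a given client address would be admitted. The sample value is constructed from a few of the Cloudflare ranges above.

```python
import ipaddress
from typing import Tuple

ANNOTATION = "service.beta.kubernetes.io/do-loadbalancer-allow-rules"

# Constructed sample: a few of the Cloudflare ranges from the issue, IPv4 and IPv6 mixed.
SAMPLE_VALUE = (
    "cidr:173.245.48.0/20,cidr:103.21.244.0/22,"
    "cidr:2400:cb00::/32,cidr:2606:4700::/32"
)


def parse_allow_rules(value: str) -> list:
    """Parse the comma-separated 'cidr:<network>' list into network objects.

    Only the 'cidr:' form used in the issue is accepted (assumption). A malformed
    entry, or a CIDR with host bits set, raises ValueError instead of silently
    producing a rule that does not match what the operator intended.
    """
    networks = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        kind, _, target = entry.partition(":")  # first ':' only, so IPv6 survives
        if kind != "cidr" or not target:
            raise ValueError(f"unsupported allow rule: {entry!r}")
        networks.append(ipaddress.ip_network(target))  # strict: rejects host bits
    return networks


def split_by_version(value: str) -> Tuple[list, list]:
    """Return (ipv4_networks, ipv6_networks); the IPv6 list is what the LB will not apply."""
    nets = parse_allow_rules(value)
    return ([n for n in nets if n.version == 4], [n for n in nets if n.version == 6])


def ipv4_only_value(value: str) -> str:
    """Rebuild the annotation value with the unsupported IPv6 ranges dropped."""
    v4, _ = split_by_version(value)
    return ",".join(f"cidr:{n}" for n in v4)


def is_allowed(value: str, client_ip: str) -> bool:
    """True if client_ip falls inside any IPv4 allow rule (the only rules the LB enforces)."""
    addr = ipaddress.ip_address(client_ip)
    v4, _ = split_by_version(value)
    return any(addr.version == n.version and addr in n for n in v4)


if __name__ == "__main__":
    v4, v6 = split_by_version(SAMPLE_VALUE)
    print(f"{ANNOTATION}: {len(v4)} IPv4 rules, {len(v6)} IPv6 rules the LB will ignore")
    print("apply instead:", ipv4_only_value(SAMPLE_VALUE))
    print("173.245.50.1 allowed:", is_allowed(SAMPLE_VALUE, "173.245.50.1"))
```

Run it against the full annotation value before applying the Service manifest; a non-empty IPv6 list is the condition that caused the silent failure reported here.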