search

kubernetes / ingress-nginx

Ingress NGINX Controller for Kubernetes
https://kubernetes.github.io/ingress-nginx/
Apache License 2.0
17.56k stars 8.27k forks source link

Merging nnginx.ingress.kubernetes.io/whitelist-source-range annotation with global config #12332

Open iamalryz opened 2 weeks ago

iamalryz commented 2 weeks ago

According to documentation, at the moment annotation nginx.ingress.kubernetes.io/whitelist-source-range totally overrides corresponding option from ConfigMap.

In my use case I want to configure trusted networks globally for all Ingress objects (by whitelist-source-range option at ConfigMap), and add another trusted IPs/networks for particular Ingress objects.

If I use annotation nginx.ingress.kubernetes.io/whitelist-source-range on particular Ingress object, I loose access to its from trusted networks configured globally.

It would be nice to have a toggle to enable merging nnginx.ingress.kubernetes.io/whitelist-source-range annotation with whitelist-source-range option from ConfigMap.

Like this:

nginx.ingress.kubernetes.io/whitelist-source-range-mode: <override|merge>

With default value of override.

I couldn't find another issues about this feature.

k8s-ci-robot commented 2 weeks ago

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
longwuyuan commented 2 weeks ago

What are the nginx.conf directives that get configured for this and in which contexts