Whitelist IP addresses for Managed RedHat for IBM Cloud

Ong Khai Wei
Feb 29, 2020

Recently I was asked by a colleague how to secure the applications running in Red Hat OpenShift so that access is restricted to the office network only.

After some digging and trying, it appears that the Kubernetes Network policy doesn't take effect (something I need to figure out why 🤔). Red Hat OpenShift uses Routes, so the proper way to secure the application is with a Route annotation.

The annotation is simple:

oc annotate route <route_name> haproxy.router.openshift.io/ip_whitelist="<ip_address>"

Step 1: Login to RedHat OpenShift cluster

oc login --token=XXXX --server=https://REDHAT_CLUSTER_API

Step 2: Get Route name

oc get routes

In this case the Route name is nginx-stable

Step 3: Set annotation

oc annotate route nginx-stable haproxy.router.openshift.io/ip_whitelist="111.XXX.XXX.107"

To remove the IP whitelist, remove the annotation by putting a - at the end of the annotation name.

oc annotate route nginx-stable haproxy.router.openshift.io/ip_whitelist-
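The steps above as one script, which checks each address before it reaches the route so a mistyped value is caught early. This is an added example, not part of the original post: it goes beyond the single address shown by accepting several IPv4 addresses or CIDR ranges, which the router annotation takes as a space-separated list. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate office IPs/CIDRs, then set the Route whitelist annotation.
ANNOTATION="haproxy.router.openshift.io/ip_whitelist"

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
  addr=${1%%/*}
  case $1 in
    */*) prefix=${1#*/}
         case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
         [ "$prefix" -le 32 ] || return 1 ;;
  esac
  case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split the address into its octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Prints the space-separated annotation value; fails on the first bad entry.
build_whitelist() {
  list=""
  for entry in "$@"; do
    if ! valid_entry "$entry"; then
      echo "invalid whitelist entry: $entry" >&2
      return 1
    fi
    list="${list:+$list }$entry"
  done
  [ -n "$list" ] || return 1
  printf '%s\n' "$list"
}

# Applies the annotation (Step 3) and reads it back to confirm what was stored.
# Requires an existing `oc login` session (Step 1).
apply_whitelist() {
  route=$1; shift
  value=$(build_whitelist "$@") || return 1
  oc annotate route "$route" "$ANNOTATION=$value" --overwrite || return 1
  oc get route "$route" \
    -o jsonpath='{.metadata.annotations.haproxy\.router\.openshift\.io/ip_whitelist}'
}

# Usage (constructed sample values):
#   apply_whitelist nginx-stable 203.0.113.7 198.51.100.0/24
```

After applying, request the route from a network outside the list to confirm it is refused.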
