@@ -41,15 +41,27 @@ that hosts applications intended for a limited audience-- e.g. applications for
4141an organization. You can enforce cluster-wide IP whitelisting by enabling whitelists, then
4242attaching an annotation to the router:
4343
44- $ kubectl --namespace=deis annotate replicationcontroller deis-router router.deis.io/nginx.enforceWhitelists=true
45- $ kubectl --namespace=deis annotate replicationcontroller deis-router router.deis.io/nginx.defaultWhitelist="0.0.0.0/0"
44+ $ kubectl --namespace=deis annotate deployments/ deis-router router.deis.io/nginx.enforceWhitelists=true
45+ $ kubectl --namespace=deis annotate deployments/ deis-router router.deis.io/nginx.defaultWhitelist="0.0.0.0/0"
4646
4747The format is the same for the controller whitelist but you need to specify the whitelist directly
4848to the controller's service. For example:
4949
50- $ kubectl --namespace=deis annotate service deis-controller router.deis.io/whitelist="10.0.1.0/24,121.212.121.212"
50+ $ kubectl --namespace=deis annotate service deis-controller router.deis.io/whitelist="10.0.1.0/24,121.212.121.212"
5151
5252And the same applies to applications. For example, to apply a whitelist to an application named
5353` example ` :
5454
55- $ kubectl --namespace=example annotate service example-web router.deis.io/whitelist="10.0.1.0/24,121.212.121.212"
55+ $ kubectl --namespace=example annotate service example-web router.deis.io/whitelist="10.0.1.0/24,121.212.121.212"
56+
57+ Application level whitelisting can also be done using the Deis client. To add/remove/list addresses of an application whitelist, use ` deis whitelist ` :
58+
59+ $ deis whitelist:add 10.0.1.0/24,121.212.121.212 -a drafty-zaniness
60+ Adding 10.0.1.0/24,121.212.121.212 to drafty-zaniness whitelist...done
61+
62+ $ deis whitelist:remove 121.212.121.212 -a drafty-zaniness
63+ Removing 121.212.121.212 from drafty-zaniness whitelist... done
64+
65+ $ deis whitelist -a drafty-zaniness
66+ === drafty-zaniness Whitelisted Addresses
67+ 10.0.1.0/24
0 commit comments