Access Control for Azure Deployment

    This section shows how to restrict access to only certain IP addresses for your LoadBalancer Service on Azure. At a later date, it will also include formal authentication through Azure. This method is not the most ideal way to secure your Kubernetes cluster, as it requires that you access the service from the same IP address every time. This process was adapted from the Kubernetes guide to configuring a firewall.

    Use the kubectl edit svc <loadbalancer-name> -n kubeflow to add your source ranges. This command will open the editor defined by you KUBE_EDITOR or EDITOR environment variables or fall back to ‘vi’ for Linux or ‘notepad’ for Windows. More information about using alternative editors and options for this command can be found in .

    In the following example, a load balancer will be created that is only accessible to clients with IP addresses from 130.211.204.1 and 130.211.204.2.

    1. apiVersion: v1
    2. kind: Service
    3.   name: myapp
    4. spec:
    5.   ports:
    6.   - port: 8765
    8.     app: example
    9.   type: LoadBalancer
    10.   loadBalancerSourceRanges:
    12.   - 130.211.204.2/32