OCP4 - ip_whitelist via ingress-operator

Hey folks,

We have an OCP4 cluster with an external load balancer. For security reasons, I only want to allow the load balancer to communicate with all exposed services, so that no direct access is possible.
I already found a solution by simply configuring an ip_whitelist via a route annotation.

See:
https://docs.openshift.com/container-platform/4.5/networking/routes/route-configuration.html#nw-route-specific-annotations_route-configuration

But I want to have this configuration set as the default. I found the following sentence in the documentation:

The Ingress Controller can set the default options for all the routes it exposes. An individual route can override some of these defaults by providing specific configurations in its annotations.

So, if the Ingress Controller really can set the default options for all the routes it exposes, how could I achieve my goals?

Kind regards
Sascha
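
An added example, not part of the original post and not OpenShift code: a Python audit that reads a route list shaped like the output of `oc get routes --all-namespaces -o json` and reports every route whose `haproxy.router.openshift.io/ip_whitelist` annotation is missing or admits addresses other than the load balancer. The routes, hostnames and the load balancer address 192.0.2.10 are constructed sample values, and `audit_routes` is a hypothetical helper name.

```python
import ipaddress
import json

ANNOTATION = "haproxy.router.openshift.io/ip_whitelist"

# Constructed sample shaped like `oc get routes --all-namespaces -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "web",
   "annotations": {"haproxy.router.openshift.io/ip_whitelist": "192.0.2.10"}},
  "spec": {"host": "web.apps.example.test"}},
 {"metadata": {"namespace": "shop", "name": "api"},
  "spec": {"host": "api.apps.example.test"}},
 {"metadata": {"namespace": "ops", "name": "grafana",
   "annotations": {"haproxy.router.openshift.io/ip_whitelist": "192.0.2.10 10.0.0.0/8"}},
  "spec": {"host": "grafana.apps.example.test"}}
]}
""")

def audit_routes(route_list, allowed):
    """Return (namespace/name, reason) for every route not limited to `allowed`."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    findings = []
    for item in route_list.get("items", []):
        meta = item.get("metadata", {})
        ref = f"{meta.get('namespace')}/{meta.get('name')}"
        # The annotation value is a space-separated list of IPs and CIDR ranges.
        entries = (meta.get("annotations") or {}).get(ANNOTATION, "").split()
        if not entries:
            findings.append((ref, "no ip_whitelist annotation"))
            continue
        for entry in entries:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((ref, f"unparseable entry {entry!r}"))
                continue
            # subnet_of() requires matching IP versions, so check that first.
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed_nets):
                findings.append((ref, f"entry {entry} is outside the load balancer range"))
    return findings

if __name__ == "__main__":
    for ref, reason in audit_routes(SAMPLE, ["192.0.2.10"]):
        print(f"{ref}: {reason}")
```
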

Responses