cloud-provider-azure icon indicating copy to clipboard operation
cloud-provider-azure copied to clipboard
verified publisher icon kubernetes-sigs

Add new annotation to block ip ranges

Open Jasstkn opened this issue 1 year ago • 9 comments

Hi!

I would like to suggest adding new annotation to be able block specific IP ranges using NSG, e.g. service.beta.kubernetes.io/azure-blocked-ip-ranges (pretty similar to the existing service.beta.kubernetes.io/azure-allowed-ip-ranges annotation but instead of "allow" - "deny" rules will be created.

Use case: I have the list of IP ranges to be blocked (they are not included in the Azure DDOS protection offering and Azure DDOS doesn't allow to supply a custom IP blocklist).

Is there any ongoing work or interest for such functionality? I am interested in contributing it if the idea is supported by the maintainers of the provider.

Jasstkn avatar Apr 07 '25 07:04 Jasstkn

Hi @feiskyer @nilo19 @MartinForReal! Do you have any feedback regarding this issue? I would like to understand the maintainers' perspective on this request as early as possible. Thank you in advance.

Jasstkn avatar Apr 09 '25 13:04 Jasstkn

ping @feiskyer @nilo19 @MartinForReal

Jasstkn avatar May 09 '25 13:05 Jasstkn

Hi @Jasstkn it's on our list but not prioritized. We will assess this once we have time, thank you.

nilo19 avatar May 12 '25 04:05 nilo19

@nilo19 hi! any update on this request?

Jasstkn avatar Jun 10 '25 09:06 Jasstkn

hi @Jasstkn , not yet.

nilo19 avatar Jun 10 '25 10:06 nilo19

/kind feature

nilo19 avatar Jun 12 '25 05:06 nilo19

@nilo19 Hey. Have you been able to triage this request?

Jasstkn avatar Jul 21 '25 08:07 Jasstkn

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 19 '25 09:10 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Nov 18 '25 10:11 k8s-triage-robot