'Can i back multiple ingress class' with one ingress controller

Hoping someone here can help. I have a use case, where I am exposing an NGINX ingress controller with both internal and external LBs. The internal LB is used for things that sit outside of K8S, but within the same network to talk via ingress to things inside K8S, whilst still leveraging our NGINX configurations.

The challenge :

I want to be able to restrict endpoints which we are exposing only to internal systems, so that they can not be accessed via the external LBs (it would be pretty easy for someone to hit the external LB with the correct host headers otherwise and still access the applications behind them).

Does anyone know of any way to do this, which does not involve having to stand up a duplicate NGINX deployment entirely. IE, was hoping to be able to have an ingress class defined which would use exclusively the service with the internal LB rather than the external one.

kubernetes-ingressnginx-ingress


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Procedure to install an Ingress controller

Nginx ingress controller not giving metrics for prometheus

AWS - x-real-ip is ip of nginx-ingress-controller

How to perform custom authentication with kubernetes Ingress

kubernetes ingress service annotations

How can I configure NGINX ingress controller to work with Cloudflare and Digital Ocean Load Balancer?

Enable kubernetes nginx ingress compression in terraform configuration

AKS Ingress - multiple ExternalName services

Why ingress-nginx controller tcp-services not working?

Kubernetes ingress controller upgrade doesn't finish the upgrade

Waiting for HTTP-01 challenge propagation: failed to perform self check GET request

Migrate docker-compose nginx.conf to kubernetes nginx ingress

How can I leverage nginx to enforce a delay/rate-limit between outbound requests?

Setting Nginx Header Host without breaking an existing ingress

how to proxy through nginx server to nginx ingress controller