Skip to content

Commit

Permalink
added warning in Access Control for IP Address conversion CIDR bypass…
Browse files Browse the repository at this point in the history 
… on NLB (kubernetes-sigs#2868)
  • Loading branch information
@wilief @Timothy-Dougherty
wilief authored and Timothy-Dougherty committed Nov 9, 2023
1 parent ac5d974 commit de0ae96
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/guide/service/annotations.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,10 @@ Load balancer access can be controlled via following annotations:
This annotation will be ignored in case preserve client IP is not enabled.
- preserve client IP is disabled by default for `IP` targets
- preserve client IP is enabled by default for `instance` targets

!!!warning ""
Preserve client IP has no effect on traffic converted from IPv4 to IPv6 and on traffic converted from IPv6 to IPv4. The source IP of this type of traffic is always the private IP address of the Network Load Balancer.
- This could cause the clients that have their traffic converted to bypass the specified CIDRs that are allowed to access the NLB.

!!!example
```
Expand Down

0 comments on commit de0ae96

Please sign in to comment.