I run Kong/KIC on AKS cluster
- Kubernetes 1.25.5
- Kong 3.0
- KIC 2.7
- Kong Helm charts 2.15.3
I use the
apiVersion: configuration.konghq.com/v1 kind: KongClusterPlugin metadata: name: ip-restriction-allow-contoso-vpn namespace: kong annotations: kubernetes.io/ingress.class: kong config: allow: # VPN - 123.456.789.1 # AKS LB - 987.654.321.1 plugin: ip-restriction
Everything worked fine for months and suddenly routes and services that were restricted with the plugin stopped working with Kong Error:
Your IP address is not allowed.
The only things that I changed in my cluster were
- re-deployment of the Kong stack
- updated Kong Helm chart from 2.13.1 to 2.14.0 and then to 2.15.3 (as part of troubleshooting of Kong Proxy Service not reachable from outside with Kubernetes AKS 1.24.6 · Issue #694 · Kong/charts · GitHub).
Additionally, IP Restriction plugin | Kong Docs doesn’t mention any breaking changes and my AKS LP IP has not changed.
What could break my setup? Is this possible the charts upgrades or perhaps AKS LBS fiddling with