Why can't I use the Red Hat annotations to restrict access to the Red Hat OpenShift Console?
Virtual Private Cloud, Classic infrastructure
When you use the Red Hat ip_whitelist allowlist annotation to allow only certain source IP addresses to access the Red Hat OpenShift Console, it does not work as expected.
By default, the source IP address is not preserved from the client (console web browser) through the load balancer and to the router pod. Because the source IP address isn't available when the filtering is done in the router pod, you can't use the ip_whitelist annotation to allow certain IP addresses to access the console.
Do not use the Red Hat ip_whitelist annotation to restrict Red Hat OpenShift Console access to specific IP addresses or IP address ranges. Instead, use Context Based Restrictions (CBR) for this purpose.
For more information, see Allowing Red Hat OpenShift on IBM Cloud to access other IBM Cloud resources by using CBR.
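The following added example (not part of the original page or of IBM or Red Hat code) audits route data for the annotation on console routes and models why the router-side filter cannot match the browser's address. It assumes the full annotation key is haproxy.router.openshift.io/ip_whitelist with a space-separated value and that the console route lives in the openshift-console namespace. The route JSON, IP addresses, and function names are constructed for illustration.

```python
import ipaddress
import json

ANNOTATION = "haproxy.router.openshift.io/ip_whitelist"

# Constructed sample shaped like the output of `oc get routes -A -o json`.
SAMPLE_ROUTES = json.loads("""
{"items": [
  {"metadata": {"namespace": "openshift-console", "name": "console",
    "annotations": {"haproxy.router.openshift.io/ip_whitelist": "203.0.113.0/24 198.51.100.7"}}},
  {"metadata": {"namespace": "shop", "name": "web", "annotations": {}}}
]}
""")

def parse_allowlist(value):
    """Parse the space-separated annotation value into networks."""
    return [ipaddress.ip_network(entry, strict=False) for entry in value.split()]

def router_allows(peer_ip, allowlist):
    """Model of the router-side filter: it can only match the address it sees."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in allowlist)

def audit_console_routes(routes, client_ip, seen_by_router):
    """Report console routes carrying the annotation and both filter outcomes."""
    findings = []
    for item in routes.get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(ANNOTATION)
        if meta.get("namespace") != "openshift-console" or not value:
            continue
        allowlist = parse_allowlist(value)
        findings.append({
            "route": f'{meta["namespace"]}/{meta["name"]}',
            # Outcome the administrator intended, based on the browser's address.
            "intended": router_allows(client_ip, allowlist),
            # Outcome based on the address that reaches the router pod.
            "actual": router_allows(seen_by_router, allowlist),
        })
    return findings

if __name__ == "__main__":
    # Constructed addresses: the browser's IP, and the address the router
    # pod sees instead because the source IP is not preserved.
    for finding in audit_console_routes(SAMPLE_ROUTES, "203.0.113.25", "10.240.0.12"):
        print(finding)
```

Any route the audit reports is a candidate for removing the annotation and moving the restriction to CBR.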