To restrict access to specific CIDR IP ranges, add the .spec.loadBalancerSourceRanges field to your service manifest file (svc.yaml). To apply the manifest file, run this command: $ kubectl apply -f svc.yaml
To confirm that the inbound rules on the security group are modified, run the AWS CLI command. Also consider the following:

If you use NLB IP mode, the .spec.loadBalancerSourceRanges field is ignored by default. This annotation will allow client IP preservation.

For a service with the Network Load Balancer type, consider the maximum security group limit. For every node port and subnet CIDR range, the controller creates rules on the worker node's security group.
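An added example, not part of the original page: a pre-apply check in Python that audits a Service's .spec.loadBalancerSourceRanges before you run kubectl apply, including the NLB IP mode caveat above. The Service dicts are constructed samples standing in for a parsed svc.yaml, the function name is hypothetical, and the target-type annotation key is the AWS Load Balancer Controller's, which this page does not show.

```python
import ipaddress

# AWS Load Balancer Controller annotation selecting NLB IP targets (not shown on this page).
NLB_TARGET_TYPE = "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type"

def audit_source_ranges(service):
    """Return findings for a Service manifest already parsed into a dict."""
    spec = service.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # the field only applies to LoadBalancer services
    findings = []
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        findings.append("loadBalancerSourceRanges unset: any source address is allowed")
    for cidr in ranges:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"bad CIDR {cidr!r}: {exc}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{cidr} matches every address")
    annotations = service.get("metadata", {}).get("annotations") or {}
    if ranges and annotations.get(NLB_TARGET_TYPE) == "ip":
        findings.append("NLB IP mode: loadBalancerSourceRanges is ignored by default")
    return findings

# Constructed sample manifests (documentation address ranges).
RESTRICTED = {
    "metadata": {"name": "web"},
    "spec": {"type": "LoadBalancer",
             "loadBalancerSourceRanges": ["203.0.113.0/24", "198.51.100.16/28"]},
}
RISKY = {
    "metadata": {"name": "web", "annotations": {NLB_TARGET_TYPE: "ip"}},
    "spec": {"type": "LoadBalancer",
             "loadBalancerSourceRanges": ["0.0.0.0/0", "10.0.0.5/24"]},
}

if __name__ == "__main__":
    for svc in (RESTRICTED, RISKY):
        print(svc["metadata"]["name"], audit_source_ranges(svc) or "ok")
```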