Enhancement
Resolution: Unresolved
Major
RHDG Operator CSV 8.5.0 GA
It's possible to limit the set of IPs and CIDRs which are able to access an exposed LoadBalancer. There are a few expose types within the ISPN operator configuration, and hopefully all support IP whitelisting.
E.g., for the LoadBalancer it could be done by adding loadBalancerSourceRanges to the External Service definition.
Previously it was possible to apply the following annotation: service.beta.kubernetes.io/load-balancer-source-ranges. However, this has been deprecated, and it's recommended to use the spec.loadBalancerSourceRanges element on the Service resource instead.
We could expose this configuration to users by allowing the following:
spec:
  expose:
    type: LoadBalancer
    port: 65535
    sourceRanges:
      - 0.0.0.0/0
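
One way the proposed sourceRanges list could be checked before it is copied to spec.loadBalancerSourceRanges on the Service, written as an added example that is not code from the operator. The function name checkSourceRanges, the normalisation of host bits and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// checkSourceRanges (hypothetical helper) validates the entries of the proposed
// spec.expose.sourceRanges list. It returns the canonical CIDRs, a warning for
// each range that matches every client, and an error for the first entry that
// is not a valid CIDR.
func checkSourceRanges(ranges []string) (cidrs []string, warnings []string, err error) {
	for _, r := range ranges {
		p, perr := netip.ParsePrefix(r)
		if perr != nil {
			return nil, nil, fmt.Errorf("sourceRanges entry %q is not a CIDR: %w", r, perr)
		}
		// A zero-length prefix (0.0.0.0/0 or ::/0) admits every address.
		if p.Bits() == 0 {
			warnings = append(warnings,
				fmt.Sprintf("%s matches every address, so it restricts nothing", r))
		}
		// Masked() clears host bits, e.g. 203.0.113.9/24 becomes 203.0.113.0/24.
		cidrs = append(cidrs, p.Masked().String())
	}
	return cidrs, warnings, nil
}

func main() {
	// Constructed sample input using documentation address ranges.
	samples := [][]string{
		{"0.0.0.0/0"},                          // valid, but open to everyone
		{"203.0.113.9/24", "198.51.100.7/32"}, // restricted allowlist
		{"10.0.0.1"},                           // bare IP, not a CIDR
	}
	for _, s := range samples {
		cidrs, warns, err := checkSourceRanges(s)
		fmt.Printf("input=%v cidrs=%v warnings=%v err=%v\n", s, cidrs, warns, err)
	}
}
```

The 0.0.0.0/0 value from the snippet above passes validation but produces a warning, since it leaves the LoadBalancer reachable from any address.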