How do I restrict access to Kubernetes service?
This is now supported on GCE, GKE and AWS. If the provider does not support it, it'll be ignored. (Kubernetes Doc)
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8
loadBalancerSourceRanges was only promoted to a field in 1.3. It has always been an annotation called https://github.com/kubernetes/kubernetes/blob/master/pkg/api/service/annotations.go#L27 (well, since the feature existed in 1.2), which is now deprecated since we've promoted it to a field.
Note that the annotation/field is a whitelist, but it only works on supported cloud providers. If you set it to 10.0/8, you can only access the endpoints from within your kube cluster (i.e. the loadbalancer IP behaves like a clusterIP). Even a node outside your cluster within the same cloud provider will have to NAT to hit the public IP, which means the source IP on the packet won't be a 10-dot so it won't get past the firewall. You can set it to a public IP and only that client will be able to get to your Service.
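The whitelist semantics described in the answers above, as an added example that is not part of either answer or of Kubernetes itself: the Service manifest is embedded as a constructed dict (so no YAML library is needed), and the hypothetical `is_allowed`/`audit` helpers model how the cloud firewall matches the packet's source IP against `spec.loadBalancerSourceRanges`, including the NAT case where a node's traffic arrives from a public address outside 10.0.0.0/8.

```python
import ipaddress

# Constructed manifest mirroring the one in the accepted answer.
SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "myapp"},
    "spec": {
        "type": "LoadBalancer",
        "selector": {"app": "example"},
        "ports": [{"port": 8765, "targetPort": 9376}],
        "loadBalancerSourceRanges": ["10.0.0.0/8"],
    },
}


def source_ranges(service):
    """Parse spec.loadBalancerSourceRanges into network objects.
    An absent or empty field means the provider firewall admits any source."""
    ranges = service.get("spec", {}).get("loadBalancerSourceRanges") or []
    return [ipaddress.ip_network(r, strict=False) for r in ranges]


def is_allowed(service, source_ip):
    """True if a packet whose source address is source_ip passes the whitelist.
    Only the on-the-wire source matters: traffic NATed to a public address
    is judged by that public address, not by the node's private one."""
    nets = source_ranges(service)
    if not nets:
        return True
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in nets)


def audit(service):
    """Hypothetical review check: flag LoadBalancer Services that are open
    to the world, either by omitting the field or by listing a /0 range."""
    findings = []
    spec = service.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return findings  # the field is only honoured for LoadBalancer Services
    nets = source_ranges(service)
    if not nets:
        findings.append("no loadBalancerSourceRanges: reachable from any source")
    for net in nets:
        if net.prefixlen == 0:
            findings.append(f"{net} admits every address")
    return findings
```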