From 1f60f9e3467ff82859e94b4a31156d45372c23a7 Mon Sep 17 00:00:00 2001
From: salonichf5 <146118978+salonichf5@users.noreply.github.com>
Date: Fri, 15 Nov 2024 10:33:41 -0800
Subject: [PATCH] Add loadBalancerSourceRanges to helm parameters (#2773)

Add loadBalancerSourceRanges to helm parameters
Problem: Users need a way to provide the loadBalancerSourceRanges to restrict IPs that can access the load balancer.
Solution: Added a helm parameter to specify loadBalancerSourceRanges during helm install/upgrade
---
 charts/nginx-gateway-fabric/README.md | 1 +
 charts/nginx-gateway-fabric/templates/service.yaml | 8 +++++++-
 charts/nginx-gateway-fabric/values.schema.json | 9 +++++++++
 charts/nginx-gateway-fabric/values.yaml | 3 +++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md
index 0a7745dca1..1266ccf8f0 100644
--- a/charts/nginx-gateway-fabric/README.md
+++ b/charts/nginx-gateway-fabric/README.md
@@ -300,6 +300,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `service.create` | Creates a service to expose the NGINX Gateway Fabric pods. | bool | `true` |
 | `service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | string | `"Local"` |
 | `service.loadBalancerIP` | The static IP address for the load balancer. Requires service.type set to LoadBalancer. | string | `""` |
+| `service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer. | list | `[]` |
 | `service.ports` | A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` |
 | `service.type` | The type of service to create for the NGINX Gateway Fabric. | string | `"LoadBalancer"` |
 | `serviceAccount.annotations` | Set of custom annotations for the NGINX Gateway Fabric service account. | object | `{}` |
diff --git a/charts/nginx-gateway-fabric/templates/service.yaml b/charts/nginx-gateway-fabric/templates/service.yaml
index 00b095383f..a80686dc7e 100644
--- a/charts/nginx-gateway-fabric/templates/service.yaml
+++ b/charts/nginx-gateway-fabric/templates/service.yaml
@@ -17,8 +17,14 @@ spec:
 {{- end }}
 {{- end }}
 type: {{ .Values.service.type }}
-{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+{{- if eq .Values.service.type "LoadBalancer" }}
+ {{- if .Values.service.loadBalancerIP }}
 loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 2 }}
+ {{- end }}
 {{- end}}
 selector:
 {{- include "nginx-gateway.selectorLabels" . | nindent 4 }}
diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json
index 2b0e99a32b..e3409a3612 100644
--- a/charts/nginx-gateway-fabric/values.schema.json
+++ b/charts/nginx-gateway-fabric/values.schema.json
@@ -580,6 +580,15 @@
 "title": "loadBalancerIP",
 "type": "string"
 },
+ "loadBalancerSourceRanges": {
+ "description": "The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.",
+ "items": {
+ "required": []
+ },
+ "required": [],
+ "title": "loadBalancerSourceRanges",
+ "type": "array"
+ },
 "ports": {
 "description": "A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from\nyour Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports.",
 "items": {
diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml
index deb45ab818..d142be7b6f 100644
--- a/charts/nginx-gateway-fabric/values.yaml
+++ b/charts/nginx-gateway-fabric/values.yaml
@@ -306,6 +306,9 @@ service:
 # -- The static IP address for the load balancer. Requires service.type set to LoadBalancer.
 loadBalancerIP: ""
 
+ # -- The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.
+ loadBalancerSourceRanges: []
+
 # @schema
 # type: array
 # items:
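Review bot: `loadBalancerSourceRanges` is dropped without any message when `service.type` is not `LoadBalancer`, because the new block sits inside the `{{- if eq .Values.service.type "LoadBalancer" }}` guard in the service.yaml hunk. An operator who sets an allow-list together with another service type would get a Service with no source restriction and no indication that the setting was ignored. For an access-control value it is safer to fail the render ahead of the guard, for example `{{- if and .Values.service.loadBalancerSourceRanges (ne .Values.service.type "LoadBalancer") }}{{ fail "service.loadBalancerSourceRanges requires service.type=LoadBalancer" }}{{- end }}`. Separately, `{{ toYaml .Values.service.loadBalancerSourceRanges | nindent 2 }}` has no left trim, so the newline that `nindent` prepends probably leaves a whitespace-only line under the key; `{{- toYaml .Values.service.loadBalancerSourceRanges | nindent 2 }}` avoids it. The `spec` block starts above this hunk and continues below it.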
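Review bot: The new `loadBalancerSourceRanges` key in values.yaml carries no `# @schema` annotation, and the matching entry in values.schema.json (which appears to be generated from these annotations) has `"items": {"required": []}` with no type. Any list element therefore passes chart validation, and a malformed range is caught only later, if at all, by the API server or the cloud provider. Adding a `# @schema` block above the key that declares `type: array` with `items` of `type: string`, in the same form as the block that follows for the next key, would reject non-string entries at install time. The doc comment could also say that the default `[]` applies no source restriction and that Kubernetes ignores the field on cloud providers that do not support it, e.g. `# -- The IP ranges (CIDR) that are allowed to access the load balancer; an empty list applies no restriction. Requires service.type set to LoadBalancer.`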