Add loadBalancerSourceRanges to helm parameters (#2773)

Add loadBalancerSourceRanges to helm parameters Problem: Users need a way to provide the loadBalancerSourceRanges to restrict IPs that can access the load balancer. Solution: Added a helm parameter to specify loadBalancerSourceRanges during helm install/upgrade
nginxinc · Nov 15, 2024 · 1f60f9e · 1f60f9e
1 parent e7d217a
commit 1f60f9e
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md
@@ -300,6 +300,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `service.create` | Creates a service to expose the NGINX Gateway Fabric pods. | bool | `true` |
 | `service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | string | `"Local"` |
 | `service.loadBalancerIP` | The static IP address for the load balancer. Requires service.type set to LoadBalancer. | string | `""` |
+| `service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer. | list | `[]` |
 | `service.ports` | A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` |
 | `service.type` | The type of service to create for the NGINX Gateway Fabric. | string | `"LoadBalancer"` |
 | `serviceAccount.annotations` | Set of custom annotations for the NGINX Gateway Fabric service account. | object | `{}` |

diff --git a/charts/nginx-gateway-fabric/templates/service.yaml b/charts/nginx-gateway-fabric/templates/service.yaml
@@ -17,8 +17,14 @@ spec:
   {{- end }}
 {{- end }}
   type: {{ .Values.service.type }}
-{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+{{- if eq .Values.service.type "LoadBalancer" }}
+  {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 2 }}
+  {{- end }}
 {{- end}}
   selector:
     {{- include "nginx-gateway.selectorLabels" . | nindent 4 }}

diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json
@@ -580,6 +580,15 @@
           "title": "loadBalancerIP",
           "type": "string"
         },
+        "loadBalancerSourceRanges": {
+          "description": "The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.",
+          "items": {
+            "required": []
+          },
+          "required": [],
+          "title": "loadBalancerSourceRanges",
+          "type": "array"
+        },
         "ports": {
           "description": "A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from\nyour Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports.",
           "items": {

diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml
@@ -306,6 +306,9 @@ service:
   # -- The static IP address for the load balancer. Requires service.type set to LoadBalancer.
   loadBalancerIP: ""
 
+  # -- The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.
+  loadBalancerSourceRanges: []
+
   # @schema
   # type: array
   # items: