Support loadBalancerSourceRanges in gateway service #10154 (#10155)

This is usually propagated to underlying cloud providers as a firewall rule, when it is needed to further control access to Gateway LB service. Source: https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L3999 Configuration is optional, and can be set via gateway.loadBalancerSourceRanges value. Validated via helm template, with and without value set. Fixes https://github.com/linkerd/linkerd2/issues/10154 Signed-off-by: Ivan Ivic <tyrion85@gmail.com>
2023-01-25 00:15:11 +01:00 · 2023-01-25 00:15:11 +01:00 · 0cd97339b6
parent 5e47964f68
commit 0cd97339b6
3 changed files with 9 additions and 0 deletions
--- a/multicluster/charts/linkerd-multicluster/README.md
+++ b/multicluster/charts/linkerd-multicluster/README.md
@ -77,6 +77,7 @@ Kubernetes: `>=1.21.0-0`
 | gateway.deploymentAnnotations | object | `{}` | Annotations to add to the gateway deployment |
 | gateway.enabled | bool | `true` | If the gateway component should be installed |
 | gateway.loadBalancerIP | string | `""` | Set loadBalancerIP on gateway service |
+| gateway.loadBalancerSourceRanges | list | `[]` | Set loadBalancerSourceRanges on gateway service |
 | gateway.name | string | `"linkerd-gateway"` | The name of the gateway that will be installed |
 | gateway.pauseImage | string | `"gcr.io/google_containers/pause:3.2"` | The pause container to use |
 | gateway.port | int | `4143` | The port on which all the gateway will accept incoming traffic |
--- a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml
+++ b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml
@ -115,6 +115,12 @@ spec:
 {{- if .Values.gateway.loadBalancerIP }}
  loadBalancerIP: {{ .Values.gateway.loadBalancerIP }}
 {{- end }}
+{{- if .Values.gateway.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- range .Values.gateway.loadBalancerSourceRanges }}
+  - {{ . }}
+  {{- end }}
+{{- end }}
 ---
 kind: ServiceAccount
 apiVersion: v1
--- a/multicluster/charts/linkerd-multicluster/values.yaml
+++ b/multicluster/charts/linkerd-multicluster/values.yaml
@ -27,6 +27,8 @@ gateway:
  deploymentAnnotations: {}
  # -- Set loadBalancerIP on gateway service
  loadBalancerIP: ""
+  # -- Set loadBalancerSourceRanges on gateway service
+  loadBalancerSourceRanges: []
  # -- Set terminationGracePeriodSeconds on gateway deployment
  terminationGracePeriodSeconds: ""