Add loadbalancersourceranges to ssh service #105
No reviewers
Labels
No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
No Milestone
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/helm-chart#105
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "JPRbrs/helm-chart:master"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges
enables to limit them just passing a list of CIDR addresses to whitelist
@ -9,6 +9,10 @@ metadata:
spec:
type: {{ .Values.service.ssh.type }}
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
loadBalancerSourceRanges:
Can you wrap a conditional around
loadBalancerSourceRanges
in case the array is empty?Thanks for your feedback @techknowlogick, I've just pushed a commit with the changes
@ -8,6 +8,12 @@ metadata:
{{- toYaml .Values.service.ssh.annotations | nindent 4 }}
spec:
type: {{ .Values.service.ssh.type }}
{{- if and .Values.service.ssh.loadBalancerSourceRanges }}
The "and" seems to be wrong here.
I think it would be better, if we make one if to check if type == loadBalancer.
Including two other ifs to check if sourceRanges and/or an ip is provided.
Something like this:
thanks for the feedback @luhahn I've pushed the changes
@ -10,6 +10,12 @@ spec:
type: {{ .Values.service.ssh.type }}
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
This will now only trigger, if loadBalancerIP is set AND type == LoadBalancer.
I guess you would want to use loadBalancerSourceRanges with and without a loadBalancerIP.
Please split the if above like that:
@luhahn if I'm not mistaken, loadBalancerSourceRanges is only effective for LoadBancer type services, so there is no need to use it if the service type is not LoadBalancer
It doesn't say so specifically but that is my uderstanding from the documentatoin
Yes, I know. But currently your loadBalancerSourceRanges would only apply if also a loadBalancerIP is given.
Please have a closer look at my suggested if.
Oh, I see! Many thanks for your detailed explanation, I reckon that's way better. I've just pushed the commit :)
Still not correct.
your current change:
But you still got if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "loadBalancer")
It needs to be this (without the comments of course):
Many thanks for your patience @luhahn, I've just uploaded the change slightly changing the indentation as running tests locally rendered some lines slighly off.
looks good to me now :)
@techknowlogick can you please take a look and see if it looks good to you?
thanks in advance!