Add loadbalancersourceranges to ssh service #105
Assignees 
42wim 
6543 
a1012112796 
Akkuman 
appleboy 
axifive 
betacat0 
blumia 
bwko 
caicandong 
ChristopherHX 
DaanSelen 
davidsvantesson 
delvh 
denyskon 
fuxiaohei 
gary-kim 
garymoon 
giteabot 
guillep2k 
HesterG 
hiifong 
jaqra 
jolheiser 
jonasfranz 
jpraet 
kdumontnu 
kemzeb 
kerwin612 
khmarbaise 
KN4CK3R 
kolaente 
lafriks 
lng2020 
lotherk 
luhahn 
lunny 
mrsdizzie 
noerw 
pat-s 
puni9869 
renovate-bot 
richmahn 
rossigee 
sapk 
screenshots 
sillyguodong 
silverwind 
smartclip_tim 
strk 
tboerger 
techknowlogick 
TheFox0x7 
tobiasbp 
typeless 
volker.raschek 
wolfogre 
wxiaoguang 
yardenshoham 
yp05327 
zeripath 
Zettat123
Clear assignees
42wim 6543 a1012112796 Akkuman appleboy axifive betacat0 blumia bwko caicandong ChristopherHX DaanSelen davidsvantesson delvh denyskon fuxiaohei gary-kim garymoon giteabot guillep2k HesterG hiifong jaqra jolheiser jonasfranz jpraet kdumontnu kemzeb kerwin612 khmarbaise KN4CK3R kolaente lafriks lng2020 lotherk luhahn lunny mrsdizzie noerw pat-s puni9869 renovate-bot richmahn rossigee sapk screenshots sillyguodong silverwind smartclip_tim strk tboerger techknowlogick TheFox0x7 tobiasbp typeless volker.raschek wolfogre wxiaoguang yardenshoham yp05327 zeripath Zettat123 No Assignees
Notifications
Due Date No due date set.
Dependencies
No dependencies set.
Reference: gitea/helm-gitea#105
Reference in New Issue
Block a user
No description provided.
Delete Branch "JPRbrs/helm-chart:master"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges
enables to limit them just passing a list of CIDR addresses to whitelist
@@ -9,6 +9,10 @@ metadata:spec:type: {{ .Values.service.ssh.type }}{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}loadBalancerSourceRanges:Can you wrap a conditional around
loadBalancerSourceRangesin case the array is empty?Thanks for your feedback @techknowlogick, I've just pushed a commit with the changes
@@ -8,6 +8,12 @@ metadata:{{- toYaml .Values.service.ssh.annotations | nindent 4 }}spec:type: {{ .Values.service.ssh.type }}{{- if and .Values.service.ssh.loadBalancerSourceRanges }}The "and" seems to be wrong here.
I think it would be better, if we make one if to check if type == loadBalancer.
Including two other ifs to check if sourceRanges and/or an ip is provided.
Something like this:
thanks for the feedback @luhahn I've pushed the changes
@@ -10,6 +10,12 @@ spec:type: {{ .Values.service.ssh.type }}{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}This will now only trigger, if loadBalancerIP is set AND type == LoadBalancer.
I guess you would want to use loadBalancerSourceRanges with and without a loadBalancerIP.
Please split the if above like that:
@luhahn if I'm not mistaken, loadBalancerSourceRanges is only effective for LoadBancer type services, so there is no need to use it if the service type is not LoadBalancer
It doesn't say so specifically but that is my uderstanding from the documentatoin
Yes, I know. But currently your loadBalancerSourceRanges would only apply if also a loadBalancerIP is given.
Please have a closer look at my suggested if.
Oh, I see! Many thanks for your detailed explanation, I reckon that's way better. I've just pushed the commit :)
Still not correct.
your current change:
But you still got if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "loadBalancer")
It needs to be this (without the comments of course):
Many thanks for your patience @luhahn, I've just uploaded the change slightly changing the indentation as running tests locally rendered some lines slighly off.
looks good to me now :)
@techknowlogick can you please take a look and see if it looks good to you?
thanks in advance!