@CodeBleu CodeBleu commented Jun 9, 2025

* Annotation added to allow setting of Source CIDR for Load Balancer rule

Adding annotation like the following will create the rule with source CIDR set:
    annotations:
        service.beta.kubernetes.io/cloudstack-load-balancer-source-cidrs: "1.2.3.4/32,5.6.7.8/32"

    * Annotation added to allow setting of Source CIDR for Load Balancer
      rule
@CodeBleu CodeBleu requested a review from Pearl1594 June 9, 2025 18:23
@CodeBleu CodeBleu added the enhancement label Oct 10, 2025

@kiranchavala kiranchavala left a comment

LGTM

Tested by building a Docker image based on the PR

Before the fix

After you expose a service, there is no source CIDR list populated

    k expose deploy/nginx-deployment --port=80 --type=LoadBalancer

After the fix, there is a source CIDR populated on the load balancer rule

Tested with normal service.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-deployment2
      namespace: default
      annotations:
        service.beta.kubernetes.io/cloudstack-load-balancer-source-cidrs: "1.2.3.4/32,5.6.7.8/32"
    spec:
      type: LoadBalancer
      selector:
        app: nginx
      ports:
        - port: 80
          targetPort: 80
          protocol: TCP
          nodePort: 30558
      externalTrafficPolicy: Cluster
      allocateLoadBalancerNodePorts: true
      sessionAffinity: None

@CodeBleu
Author

@Pearl1594 Do you mind doing a quick review of this? I believe I need 2 approvals and a test output before I can merge.

@DaanHoogland DaanHoogland left a comment

clgtm

Comment on lines +615 to +632
// Read the source CIDR annotation
sourceCIDRs, ok := service.Annotations[ServiceAnnotationLoadBalancerSourceCidrs]
var cidrList []string
if ok && sourceCIDRs != "" {
cidrList = strings.Split(sourceCIDRs, ",")
for i, cidr := range cidrList {
cidr = strings.TrimSpace(cidr)
if _, _, err := net.ParseCIDR(cidr); err != nil {
return nil, fmt.Errorf("invalid CIDR in annotation %s: %s", ServiceAnnotationLoadBalancerSourceCidrs, cidr)
}
cidrList[i] = cidr
}
} else {
cidrList = []string{defaultAllowedCIDR}
}

// Set the CIDR list in the parameters
p.SetCidrlist(cidrList)
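
Review bot: the error returned inside the loop drops the err from net.ParseCIDR, and a trailing comma in the annotation value produces an empty entry that is rejected with a blank CIDR in the message; consider skipping empty entries and wrapping the cause with %w. The else branch also falls back to defaultAllowedCIDR when the annotation is present but empty, which deserves a log line so that an operator who intended to restrict sources can see that the default was applied.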

I'd rather see

Suggested change
// Read the source CIDR annotation
sourceCIDRs, ok := service.Annotations[ServiceAnnotationLoadBalancerSourceCidrs]
var cidrList []string
if ok && sourceCIDRs != "" {
cidrList = strings.Split(sourceCIDRs, ",")
for i, cidr := range cidrList {
cidr = strings.TrimSpace(cidr)
if _, _, err := net.ParseCIDR(cidr); err != nil {
return nil, fmt.Errorf("invalid CIDR in annotation %s: %s", ServiceAnnotationLoadBalancerSourceCidrs, cidr)
}
cidrList[i] = cidr
}
} else {
cidrList = []string{defaultAllowedCIDR}
}
// Set the CIDR list in the parameters
p.SetCidrlist(cidrList)
// Set the CIDR list in the parameters
p.SetCidrlist(readTheSourceCidrAnnotation(service))
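
Review bot: the replacement call passes the helper's result straight to p.SetCidrlist, but the helper's invalid-CIDR path returns an error alongside the list, so the call site has to assign both values and return the error before setting the list. Otherwise the validation that the removed lines performed with "return nil, fmt.Errorf(...)" is lost at this point.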

and

func readTheSourceCidrAnnotation(service *corev1.Service) ([]string, error) {
	// Read the source CIDR annotation
	sourceCIDRs, ok := service.Annotations[ServiceAnnotationLoadBalancerSourceCidrs]
	var cidrList []string
	if ok && sourceCIDRs != "" {
		cidrList = strings.Split(sourceCIDRs, ",")
		for i, cidr := range cidrList {
			cidr = strings.TrimSpace(cidr)
			if _, _, err := net.ParseCIDR(cidr); err != nil {
				return nil, fmt.Errorf("invalid CIDR in annotation %s: %s", ServiceAnnotationLoadBalancerSourceCidrs, cidr)
			}
			cidrList[i] = cidr
		}
	} else {
		cidrList = []string{defaultAllowedCIDR}
	}
	// The error return keeps the invalid-CIDR path above compilable
	return cidrList, nil
}

(no warranty on the syntax)
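
An added example (not code from this pull request): a stand-alone Go variant of the annotation parsing discussed above that swaps net.ParseCIDR for net/netip, skips empty entries, masks host bits, drops duplicates and wraps the parse error. The names `sourceCIDRs`, `annotationSourceCidrs` and `assumedDefaultCIDR` and the 0.0.0.0/0 default are assumptions; the page does not show the value of defaultAllowedCIDR.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Assumed values for this sketch; the page shows the annotation key but not
// the value of defaultAllowedCIDR.
const (
	annotationSourceCidrs = "service.beta.kubernetes.io/cloudstack-load-balancer-source-cidrs"
	assumedDefaultCIDR    = "0.0.0.0/0"
)

// sourceCIDRs returns the CIDR list for a load balancer rule. A missing or
// empty annotation yields the default; anything else must parse or it fails.
func sourceCIDRs(annotations map[string]string) ([]string, error) {
	raw, ok := annotations[annotationSourceCidrs]
	if !ok || raw == "" {
		return []string{assumedDefaultCIDR}, nil
	}
	seen := make(map[netip.Prefix]bool)
	var out []string
	for _, entry := range strings.Split(raw, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue // trailing or doubled comma
		}
		prefix, err := netip.ParsePrefix(entry)
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q in annotation %s: %w", entry, annotationSourceCidrs, err)
		}
		prefix = prefix.Masked() // 10.0.0.5/24 becomes 10.0.0.0/24
		if !seen[prefix] {
			seen[prefix] = true
			out = append(out, prefix.String())
		}
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("annotation %s contains no CIDR entries", annotationSourceCidrs)
	}
	return out, nil
}

func main() {
	// Constructed sample value with a host-bit entry and a trailing comma.
	list, err := sourceCIDRs(map[string]string{annotationSourceCidrs: "1.2.3.4/32, 10.0.0.5/24,"})
	fmt.Println(list, err)
}
```

A value made only of separators or whitespace returns an error here instead of falling back to the default, so a malformed restriction never widens the rule silently.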
