From 546d891a226917c21a661126cad339e57c6a993a Mon Sep 17 00:00:00 2001
From: Mike Ludwig
Date: Tue, 27 Oct 2020 16:36:51 -0400
Subject: [PATCH] support internal IP address range configuration for api-server

Arvados-DCO-1.1-Signed-off-by: Michael Ludwig
---
 charts/arvados/templates/api-server-configmap.yaml | 4 +++-
 charts/arvados/values.yaml | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/charts/arvados/templates/api-server-configmap.yaml b/charts/arvados/templates/api-server-configmap.yaml
index 3de9974..80e3f7e 100644
--- a/charts/arvados/templates/api-server-configmap.yaml
+++ b/charts/arvados/templates/api-server-configmap.yaml
@@ -43,7 +43,9 @@ data:
 # direct access to Keep storage daemons to set this header value to 0.
 geo $external_client {
 default 1;
- 10.0.0.0/8 0;
+ {{- range .Values.internalIPs }}
+ {{ . }} 0;
+ {{- end }}
 }

 server {
diff --git a/charts/arvados/values.yaml b/charts/arvados/values.yaml
index 569eb95..b84eb8e 100644
--- a/charts/arvados/values.yaml
+++ b/charts/arvados/values.yaml
@@ -13,6 +13,14 @@ image:
 # Must be set to a valid IP address, e.g. by using --set when invoking helm
 externalIP: ~

+# A list of CIDRs that have direct access to the Keep store service. All other
+# IP addresses will use the Keep proxy.
+# If hosts outside your cluster are in the default range (10.0.0.0/8), change
+# this to the exact CIDR of your cluster.
+# If using MetaLB with apiServerExternalTrafficPolicy set to Cluster, set this
+# to an empty list, since the source IP will be obscured.
+internalIPs: [10.0.0.0/8]
+
 loadBalancer:
 # Annotations to add to all LoadBalancer Services.
 # This is required for MetalLB, since the same externalIP is reused for all
-- 
2.30.2
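Review bot: In the `geo $external_client` block of api-server-configmap.yaml, each `internalIPs` entry is emitted verbatim by `{{ . }} 0;`, so a mistyped value (a stray `;`, embedded whitespace, a hostname) becomes raw nginx configuration and is caught, at best, when nginx loads the file. Since this map decides which clients are marked internal, I would fail at render time instead, inside the range and before the emit line: `{{- if not (regexMatch "^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$" (toString .)) }}{{ fail (printf "internalIPs: %q is not an IP address or CIDR" (toString .)) }}{{- end }}`. The pattern is a shape check only; nginx still validates the range itself. The enclosing ConfigMap entry starts and ends outside the hunk.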
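Review bot: The comment added above `internalIPs` in values.yaml does not say which address is compared. The `geo $external_client` block in the template names no source variable, so nginx matches the connection's peer address (`$remote_addr`), and any proxy, ingress or SNAT hop inside `10.0.0.0/8` makes every client behind it count as internal, not only the MetalLB case mentioned. I would add a line such as `# Matched against the source address nginx sees, so list only ranges that reach it without NAT.` Two smaller points: `MetaLB` should read `MetalLB`, as in the `loadBalancer` comment below, and the default reads more predictably quoted, `internalIPs: ['10.0.0.0/8']`. The `loadBalancer` block continues outside the hunk.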