From 36b5f731d3032e0f81bd0c8057e5cb94fd1a1c66 Mon Sep 17 00:00:00 2001
From: William Travis Holton <heytrav@users.noreply.github.com>
Date: Wed, 18 Oct 2023 22:14:35 +1300
Subject: [PATCH] Add allowedCidrs for loadbalancer ip whitelisting (#141)

---
 charts/openstack-cluster/templates/cluster-openstack.yaml | 6 ++++++
 charts/openstack-cluster/values.yaml                      | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/charts/openstack-cluster/templates/cluster-openstack.yaml b/charts/openstack-cluster/templates/cluster-openstack.yaml
index 3c7766b3..bea29684 100644
--- a/charts/openstack-cluster/templates/cluster-openstack.yaml
+++ b/charts/openstack-cluster/templates/cluster-openstack.yaml
@@ -45,6 +45,12 @@ spec:
     enabled: true
   {{- if .loadBalancerProvider }}
     provider: {{ .loadBalancerProvider }}
+    {{- if .allowedCidrs }}
+    allowedCidrs:
+      {{- range .allowedCidrs }}
+      - {{ . }}
+      {{- end}}
+    {{- end }}
   {{- end }}
   {{- end }}
 
diff --git a/charts/openstack-cluster/values.yaml b/charts/openstack-cluster/values.yaml
index 196dbafe..77c53fcc 100644
--- a/charts/openstack-cluster/values.yaml
+++ b/charts/openstack-cluster/values.yaml
@@ -101,7 +101,11 @@ apiServer:
   enableLoadBalancer: true
   # Indicates what loadbalancer provider to use. Default is amphora
   loadBalancerProvider:
-
+  # Restrict loadbalancer access to select IPs
+  # allowedCidrs
+  #  - 192.168.0.0/16  # needed for cluster to init
+  #  - 10.10.0.0/16  # IPv4 Internal Network
+  #  - 123.123.123.123 # some other IPs
   # Indicates whether to associate a floating IP with the API server
   associateFloatingIP: true
   # The specific floating IP to associate with the API server