From 9dc3170c4edefcbd77d83fea975e5b78996b8ac1 Mon Sep 17 00:00:00 2001
From: Saloni <sa.choudhary@f5.com>
Date: Thu, 14 Nov 2024 12:27:20 -0800
Subject: [PATCH 1/2] add loadBalancerSourceRanges to helm parameters

---
 charts/nginx-gateway-fabric/README.md              | 1 +
 charts/nginx-gateway-fabric/templates/service.yaml | 8 +++++++-
 charts/nginx-gateway-fabric/values.schema.json     | 9 +++++++++
 charts/nginx-gateway-fabric/values.yaml            | 3 +++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md
index 0a7745dca1..1266ccf8f0 100644
--- a/charts/nginx-gateway-fabric/README.md
+++ b/charts/nginx-gateway-fabric/README.md
@@ -300,6 +300,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `service.create` | Creates a service to expose the NGINX Gateway Fabric pods. | bool | `true` |
 | `service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | string | `"Local"` |
 | `service.loadBalancerIP` | The static IP address for the load balancer. Requires service.type set to LoadBalancer. | string | `""` |
+| `service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer. | list | `[]` |
 | `service.ports` | A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` |
 | `service.type` | The type of service to create for the NGINX Gateway Fabric. | string | `"LoadBalancer"` |
 | `serviceAccount.annotations` | Set of custom annotations for the NGINX Gateway Fabric service account. | object | `{}` |
diff --git a/charts/nginx-gateway-fabric/templates/service.yaml b/charts/nginx-gateway-fabric/templates/service.yaml
index 00b095383f..f246e818c0 100644
--- a/charts/nginx-gateway-fabric/templates/service.yaml
+++ b/charts/nginx-gateway-fabric/templates/service.yaml
@@ -17,8 +17,14 @@ spec:
   {{- end }}
 {{- end }}
   type: {{ .Values.service.type }}
-{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+{{- if eq .Values.service.type "LoadBalancer" }}
+  {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end }}
 {{- end}}
   selector:
     {{- include "nginx-gateway.selectorLabels" . | nindent 4 }}
diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json
index 2b0e99a32b..e3409a3612 100644
--- a/charts/nginx-gateway-fabric/values.schema.json
+++ b/charts/nginx-gateway-fabric/values.schema.json
@@ -580,6 +580,15 @@
           "title": "loadBalancerIP",
           "type": "string"
         },
+        "loadBalancerSourceRanges": {
+          "description": "The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.",
+          "items": {
+            "required": []
+          },
+          "required": [],
+          "title": "loadBalancerSourceRanges",
+          "type": "array"
+        },
         "ports": {
           "description": "A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from\nyour Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports.",
           "items": {
diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml
index deb45ab818..d142be7b6f 100644
--- a/charts/nginx-gateway-fabric/values.yaml
+++ b/charts/nginx-gateway-fabric/values.yaml
@@ -306,6 +306,9 @@ service:
   # -- The static IP address for the load balancer. Requires service.type set to LoadBalancer.
   loadBalancerIP: ""
 
+  # -- The IP ranges (CIDR) that are allowed to access the load balancer. Requires service.type set to LoadBalancer.
+  loadBalancerSourceRanges: []
+
   # @schema
   # type: array
   # items:

From c89255b231a76cb04b8d5ce6823ede12b5e7d597 Mon Sep 17 00:00:00 2001
From: Saloni <sa.choudhary@f5.com>
Date: Thu, 14 Nov 2024 13:44:51 -0800
Subject: [PATCH 2/2] address indentation

---
 charts/nginx-gateway-fabric/templates/service.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/nginx-gateway-fabric/templates/service.yaml b/charts/nginx-gateway-fabric/templates/service.yaml
index f246e818c0..a80686dc7e 100644
--- a/charts/nginx-gateway-fabric/templates/service.yaml
+++ b/charts/nginx-gateway-fabric/templates/service.yaml
@@ -23,7 +23,7 @@ spec:
   {{- end }}
   {{- if .Values.service.loadBalancerSourceRanges }}
   loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 2 }}
   {{- end }}
 {{- end}}
   selector: