diff --git a/build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml b/build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml index b30d9f820a..79637b9ae2 100644 --- a/build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -13811,6 +13811,13 @@ spec: service: description: Specification of the service that exposes PgBouncer. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -14137,6 +14144,13 @@ spec: description: Specification of the service that exposes the PostgreSQL primary instance. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -15695,6 +15709,13 @@ spec: service: description: Specification of the service that exposes pgAdmin. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: diff --git a/build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml b/build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml index a6fec6e30d..414955133b 100644 --- a/build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml 
+++ b/build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml @@ -7080,6 +7080,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be in-range and not @@ -11640,6 +11647,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be diff --git a/config/crd/bases/pgv2.percona.com_perconapgclusters.yaml b/config/crd/bases/pgv2.percona.com_perconapgclusters.yaml index 702ab4ecd8..ba5c61b4f2 100644 --- a/config/crd/bases/pgv2.percona.com_perconapgclusters.yaml +++ b/config/crd/bases/pgv2.percona.com_perconapgclusters.yaml @@ -7153,6 +7153,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be in-range and not 
@@ -11713,6 +11720,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be diff --git a/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml b/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml index 6c16f497d0..290da34bf3 100644 --- a/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -13783,6 +13783,13 @@ spec: service: description: Specification of the service that exposes PgBouncer. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -14109,6 +14116,13 @@ spec: description: Specification of the service that exposes the PostgreSQL primary instance. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: 
@@ -15663,6 +15677,13 @@ spec: service: description: Specification of the service that exposes pgAdmin. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml index b7696b0066..9f2217eb61 100644 --- a/deploy/bundle.yaml +++ b/deploy/bundle.yaml @@ -7153,6 +7153,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be in-range and not @@ -11713,6 +11720,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be @@ -27513,6 +27527,13 @@ spec: service: description: Specification of the service that exposes PgBouncer. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: 
@@ -27839,6 +27860,13 @@ spec: description: Specification of the service that exposes the PostgreSQL primary instance. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -29393,6 +29421,13 @@ spec: service: description: Specification of the service that exposes pgAdmin. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: diff --git a/deploy/cr.yaml b/deploy/cr.yaml index 8c4c03e412..0d072e9b10 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -69,6 +69,8 @@ spec: # labels: # my-label: value2 # type: LoadBalancer +# loadBalancerSourceRanges: +# - 10.0.0.0/8 instances: - name: instance1 @@ -130,6 +132,8 @@ spec: # labels: # my-label: value2 # type: LoadBalancer +# loadBalancerSourceRanges: +# - 10.0.0.0/8 # # affinity: # podAntiAffinity: diff --git a/deploy/crd.yaml b/deploy/crd.yaml index fa38952c0b..f5605a718c 100644 --- a/deploy/crd.yaml +++ b/deploy/crd.yaml @@ -7153,6 +7153,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be in-range and not 
@@ -11713,6 +11720,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be @@ -27513,6 +27527,13 @@ spec: service: description: Specification of the service that exposes PgBouncer. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -27839,6 +27860,13 @@ spec: description: Specification of the service that exposes the PostgreSQL primary instance. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -29393,6 +29421,13 @@ spec: service: description: Specification of the service that exposes pgAdmin. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: diff --git a/deploy/cw-bundle.yaml b/deploy/cw-bundle.yaml index a587498082..d232bcd21f 100644 --- a/deploy/cw-bundle.yaml +++ b/deploy/cw-bundle.yaml 
@@ -7153,6 +7153,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be in-range and not @@ -11713,6 +11720,13 @@ spec: additionalProperties: type: string type: object + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array nodePort: description: The port on which this service is exposed when type is NodePort or LoadBalancer. Value must be @@ -27513,6 +27527,13 @@ spec: service: description: Specification of the service that exposes PgBouncer. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: @@ -27839,6 +27860,13 @@ spec: description: Specification of the service that exposes the PostgreSQL primary instance. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP CIDRs allowed + access to load. This field will be ignored if the cloud-provider + does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: 
@@ -29393,6 +29421,13 @@ spec: service: description: Specification of the service that exposes pgAdmin. properties: + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges is a list of IP + CIDRs allowed access to load. This field will be ignored + if the cloud-provider does not support the feature. + items: + type: string + type: array metadata: description: Metadata contains metadata for custom resources properties: diff --git a/docs/content/references/crd.md b/docs/content/references/crd.md index 43195dc7c7..34b429b486 100644 --- a/docs/content/references/crd.md +++ b/docs/content/references/crd.md @@ -13801,6 +13801,11 @@ Specification of the service that exposes the PostgreSQL primary instance. map[string]string false + + loadBalancerSourceRanges + []string + LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load. This field will be ignored if the cloud-provider does not support the feature. + false nodePort integer @@ -16101,6 +16106,11 @@ Specification of the service that exposes PgBouncer. map[string]string false + + loadBalancerSourceRanges + []string + LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load. This field will be ignored if the cloud-provider does not support the feature. + false nodePort integer @@ -39819,6 +39829,11 @@ Specification of the service that exposes PgBouncer. + loadBalancerSourceRanges + []string + LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load. This field will be ignored if the cloud-provider does not support the feature. + false + metadata object Metadata contains metadata for custom resources @@ -40190,6 +40205,11 @@ Specification of the service that exposes the PostgreSQL primary instance. + loadBalancerSourceRanges + []string + LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load. This field will be ignored if the cloud-provider does not support the feature. + false + metadata object Metadata contains metadata for custom resources 
@@ -42406,6 +42426,11 @@ Specification of the service that exposes pgAdmin. + loadBalancerSourceRanges + []string + LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load. This field will be ignored if the cloud-provider does not support the feature. + false + metadata object Metadata contains metadata for custom resources
diff --git a/internal/controller/postgrescluster/patroni.go b/internal/controller/postgrescluster/patroni.go
index 6306c9aefd..1d083e0251 100644
--- a/internal/controller/postgrescluster/patroni.go
+++ b/internal/controller/postgrescluster/patroni.go
@@ -272,6 +272,7 @@ func (r *Reconciler) generatePatroniLeaderLeaseService(
 service.Spec.Type = corev1.ServiceTypeClusterIP
 } else {
 service.Spec.Type = corev1.ServiceType(spec.Type)
+ service.Spec.LoadBalancerSourceRanges = spec.LoadBalancerSourceRanges
 if spec.NodePort != nil {
 if service.Spec.Type == corev1.ServiceTypeClusterIP {
 // The NodePort can only be set when the Service type is NodePort or
diff --git a/internal/controller/postgrescluster/pgadmin.go b/internal/controller/postgrescluster/pgadmin.go
index 9f29db78cc..fd370de620 100644
--- a/internal/controller/postgrescluster/pgadmin.go
+++ b/internal/controller/postgrescluster/pgadmin.go
@@ -178,6 +178,7 @@ func (r *Reconciler) generatePGAdminService(
 service.Spec.Type = corev1.ServiceTypeClusterIP
 } else {
 service.Spec.Type = corev1.ServiceType(spec.Type)
+ service.Spec.LoadBalancerSourceRanges = spec.LoadBalancerSourceRanges
 if spec.NodePort != nil {
 if service.Spec.Type == corev1.ServiceTypeClusterIP {
 // The NodePort can only be set when the Service type is NodePort or
diff --git a/internal/controller/postgrescluster/pgbouncer.go b/internal/controller/postgrescluster/pgbouncer.go
index 9cafe5e130..babf7e50a7 100644
--- a/internal/controller/postgrescluster/pgbouncer.go
+++ b/internal/controller/postgrescluster/pgbouncer.go
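Review bot: The added line copies `spec.LoadBalancerSourceRanges` into the Service for every non-ClusterIP type, so a spec with `type: NodePort` and a non-empty list produces a Service that Kubernetes Service validation rejects (the field is only allowed when type is LoadBalancer), and the failure surfaces as a reconcile error rather than at CR admission. Gate the copy on the resolved type: `if service.Spec.Type == corev1.ServiceTypeLoadBalancer {` / `service.Spec.LoadBalancerSourceRanges = spec.LoadBalancerSourceRanges` / `}`. The same unconditional copy is in the pgadmin.go hunk on this line and the pgbouncer.go hunk on the next one. generatePatroniLeaderLeaseService begins and ends outside the hunk, so I cannot tell whether an earlier branch already normalizes the type.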
@@ -313,6 +313,7 @@ func (r *Reconciler) generatePGBouncerService(
 service.Spec.Type = corev1.ServiceTypeClusterIP
 } else {
 service.Spec.Type = corev1.ServiceType(spec.Type)
+ service.Spec.LoadBalancerSourceRanges = spec.LoadBalancerSourceRanges
 if spec.NodePort != nil {
 if service.Spec.Type == corev1.ServiceTypeClusterIP {
 // The NodePort can only be set when the Service type is NodePort or
diff --git a/percona/controller/pgcluster/controller_test.go b/percona/controller/pgcluster/controller_test.go
index eaa3c77096..cb799f3b22 100644
--- a/percona/controller/pgcluster/controller_test.go
+++ b/percona/controller/pgcluster/controller_test.go
@@ -799,3 +799,56 @@ var _ = Describe("Version labels", Ordered, func() {
 })))
 })
 })
+
+var _ = Describe("Services with LoadBalancerSourceRanges", Ordered, func() {
+ ctx := context.Background()
+
+ const crName = "lb-source-ranges"
+ const ns = crName
+ crNamespacedName := types.NamespacedName{Name: crName, Namespace: ns}
+
+ namespace := &corev1.Namespace{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: crName,
+ Namespace: ns,
+ },
+ }
+
+ BeforeAll(func() {
+ By("Creating the Namespace to perform the tests")
+ err := k8sClient.Create(ctx, namespace)
+ Expect(err).To(Not(HaveOccurred()))
+ })
+
+ AfterAll(func() {
+ By("Deleting the Namespace to perform the tests")
+ _ = k8sClient.Delete(ctx, namespace)
+ })
+
+ cr, err := readDefaultCR(crName, ns)
+ It("should read defautl cr.yaml", func() {
+ Expect(err).NotTo(HaveOccurred())
+ })
+
+ It("should create PerconaPGCluster with service exposed with loadBalancerSourceRanges", func() {
+ cr.Spec.Expose = &v2.ServiceExpose{
+ Type: "LoadBalancer",
+ LoadBalancerSourceRanges: []string{"10.10.10.10/16"},
+ }
+ Expect(k8sClient.Create(ctx, cr)).Should(Succeed())
+ })
+
+ It("should reconcile", func() {
+ _, err := reconciler().Reconcile(ctx, ctrl.Request{NamespacedName: crNamespacedName})
+ Expect(err).NotTo(HaveOccurred())
+ _, err = crunchyReconciler().Reconcile(ctx, ctrl.Request{NamespacedName: crNamespacedName})
+ Expect(err).NotTo(HaveOccurred())
+ })
+
+ It("should create services with loadBalancerSourceRanges ", func() {
+ haService := &corev1.Service{}
+ err := k8sClient.Get(ctx, types.NamespacedName{Namespace: cr.Namespace, Name: cr.Name + "-ha"}, haService)
+ Expect(err).NotTo(HaveOccurred())
+ Expect(haService.Spec.LoadBalancerSourceRanges).To(Equal(cr.Spec.Expose.LoadBalancerSourceRanges))
+ })
+})
diff --git a/pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go b/pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go
index 326987e5af..f5a3eafacc 100644
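Review bot: The last It only asserts the ranges on the `-ha` Service, while the commit also wires the field into the pgBouncer and pgAdmin Services, so a regression in either of those paths would pass this test; if the default CR enables pgBouncer, add a second Get for its Service with the same `Expect(svc.Spec.LoadBalancerSourceRanges).To(Equal(cr.Spec.Expose.LoadBalancerSourceRanges))`. Nothing exercises a NodePort spec carrying ranges, which is the combination the reconcilers copy unconditionally and the API server is expected to refuse. Two cosmetic points in the descriptions: `It("should read defautl cr.yaml", ...)` should be `It("should read default cr.yaml", ...)`, and `"should create services with loadBalancerSourceRanges "` has a trailing space.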
--- a/pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go
+++ b/pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go
@@ -423,6 +423,11 @@ type ServiceExpose struct {
 // +kubebuilder:default=ClusterIP
 // +kubebuilder:validation:Enum={ClusterIP,NodePort,LoadBalancer}
 Type string `json:"type,omitempty"`
+
+ // LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load.
+ // This field will be ignored if the cloud-provider does not support the feature.
+ // +optional
+ LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`
 }
 
 func (s *ServiceExpose) ToCrunchy() *crunchyv1beta1.ServiceSpec {
@@ -435,8 +440,9 @@ func (s *ServiceExpose) ToCrunchy() *crunchyv1beta1.ServiceSpec {
 Annotations: s.Annotations,
 Labels: s.Labels,
 },
- NodePort: s.NodePort,
- Type: s.Type,
+ NodePort: s.NodePort,
+ Type: s.Type,
+ LoadBalancerSourceRanges: s.LoadBalancerSourceRanges,
 }
 }
 
diff --git a/pkg/apis/pgv2.percona.com/v2/zz_generated.deepcopy.go b/pkg/apis/pgv2.percona.com/v2/zz_generated.deepcopy.go
index cc01ba9612..cd1ea8bb43 100644
--- a/pkg/apis/pgv2.percona.com/v2/zz_generated.deepcopy.go
+++ b/pkg/apis/pgv2.percona.com/v2/zz_generated.deepcopy.go
@@ -687,6 +687,11 @@ func (in *ServiceExpose) DeepCopyInto(out *ServiceExpose) {
 *out = new(int32)
 **out = **in
 }
+ if in.LoadBalancerSourceRanges != nil {
+ in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceExpose.
diff --git a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/shared_types.go b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/shared_types.go
index 506ca72610..933f54e3c0 100644
--- a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/shared_types.go
+++ b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/shared_types.go
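Review bot: The doc comment on the new ServiceExpose field is cut off mid-phrase: `// LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load.` should end `... allowed access to the load balancer.`, and since the same sentence is in the shared_types.go hunk on the next line and is copied verbatim into every generated CRD description and crd.md on this page, it needs fixing at both Go sources before regenerating. Because the field is the user's network allow-list for an exposed database endpoint, the comment should also state the contract the reconcilers rely on, something like `// Only applied when Type is LoadBalancer; an empty list applies no source restriction from this field.` The CRD validates only `type: string`, so a malformed CIDR is first rejected when the Service is created and shows up as a reconcile error rather than at CR admission; that is worth a sentence in the comment too. ToCrunchy's signature is in the second hunk's header and its body is otherwise outside the hunk.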
@@ -55,6 +55,11 @@ type ServiceSpec struct {
 // +kubebuilder:default=ClusterIP
 // +kubebuilder:validation:Enum={ClusterIP,NodePort,LoadBalancer}
 Type string `json:"type"`
+
+ // LoadBalancerSourceRanges is a list of IP CIDRs allowed access to load.
+ // This field will be ignored if the cloud-provider does not support the feature.
+ // +optional
+ LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`
 }
 
 // Sidecar defines the configuration of a sidecar container
diff --git a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/zz_generated.deepcopy.go b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/zz_generated.deepcopy.go
index 0adae3b8c1..b6efac4f59 100644
--- a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/zz_generated.deepcopy.go
+++ b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/zz_generated.deepcopy.go
@@ -1777,6 +1777,11 @@ func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) {
 *out = new(int32)
 **out = **in
 }
+ if in.LoadBalancerSourceRanges != nil {
+ in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec.