Re: [PR] Allow setting of source CIDR for LB rule [cloudstack-kubernetes-provider]

Tue, 21 Oct 2025 06:27:02 -0700 


DaanHoogland commented on code in PR #78:
URL: 
https://github.com/apache/cloudstack-kubernetes-provider/pull/78#discussion_r2448278569


##########
cloudstack_loadbalancer.go:
##########
@@ -606,12 +607,30 @@ func (lb *loadBalancer) createLoadBalancerRule(lbRuleName 
string, port corev1.Se
 
        p.SetNetworkid(lb.networkID)
        p.SetPublicipid(lb.ipAddrID)
-
        p.SetProtocol(protocol.CSProtocol())
 
        // Do not open the firewall implicitly, we always create explicit 
firewall rules
        p.SetOpenfirewall(false)
 
+       // Read the source CIDR annotation
+       sourceCIDRs, ok := 
service.Annotations[ServiceAnnotationLoadBalancerSourceCidrs]
+       var cidrList []string
+       if ok && sourceCIDRs != "" {
+               cidrList = strings.Split(sourceCIDRs, ",")
+               for i, cidr := range cidrList {
+                       cidr = strings.TrimSpace(cidr)
+                       if _, _, err := net.ParseCIDR(cidr); err != nil {
+                               return nil, fmt.Errorf("invalid CIDR in 
annotation %s: %s", ServiceAnnotationLoadBalancerSourceCidrs, cidr)
+                       }
+                       cidrList[i] = cidr
+               }
+       } else {
+               cidrList = []string{defaultAllowedCIDR}
+       }
+
+       // Set the CIDR list in the parameters
+       p.SetCidrlist(cidrList)

Review Comment:
   i’d rather see 
   ```suggestion
   
        // Set the CIDR list in the parameters
        p.SetCidrlist(readTheSourceCidrAnnotation(service))
   ```
   
   and
   
   ```
   func readTheSourceCidrAnnotation(service *corev1.Service) []string {
        // Read the source CIDR annotation
        sourceCIDRs, ok := 
service.Annotations[ServiceAnnotationLoadBalancerSourceCidrs]
        var cidrList []string
        if ok && sourceCIDRs != "" {
                cidrList = strings.Split(sourceCIDRs, ",")
                for i, cidr := range cidrList {
                        cidr = strings.TrimSpace(cidr)
                        if _, _, err := net.ParseCIDR(cidr); err != nil {
                                return nil, fmt.Errorf("invalid CIDR in 
annotation %s: %s", ServiceAnnotationLoadBalancerSourceCidrs, cidr)
                        }
                        cidrList[i] = cidr
                }
        } else {
                cidrList = []string{defaultAllowedCIDR}
        }
       return cidrList
   }
   ```
   
   (no waranty on the syntax)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to