From 26f1311648a085fc6ae14654fae7dbf0a69dc218 Mon Sep 17 00:00:00 2001
From: Jordan May
Date: Tue, 14 Jan 2025 10:43:39 -0500
Subject: [PATCH] Add AllowGlobalAccess support for InternalLoadBalancer.
---
 api/v1beta1/types.go | 8 ++++++++
 cloud/services/compute/loadbalancers/reconcile.go | 3 +++
 .../infrastructure.cluster.x-k8s.io_gcpclusters.yaml | 9 +++++++++
 ...rastructure.cluster.x-k8s.io_gcpclustertemplates.yaml | 9 +++++++++
 ...frastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml | 9 +++++++++
 5 files changed, 38 insertions(+)
diff --git a/api/v1beta1/types.go b/api/v1beta1/types.go
index 6d64ac30f..d333553b2 100644
--- a/api/v1beta1/types.go
+++ b/api/v1beta1/types.go
@@ -371,4 +371,12 @@ type LoadBalancer struct {
 // required for the Load Balancer, if not defined the first configured subnet will be
 // used.
 Subnet *string `json:"subnet,omitempty"`
+
+ // AllowGlobalAccess. If set to true, clients can access the internal
+ // passthrough Network Load Balancers, the regional internal Application Load
+ // Balancer, and the regional internal proxy Network Load Balancer from all
+ // regions. If false, only allows access from the local region the load
+ // balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
+ // this field cannot be changed after the forwarding rule is created.
+ AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"`
 }
diff --git a/cloud/services/compute/loadbalancers/reconcile.go b/cloud/services/compute/loadbalancers/reconcile.go
index 9bd356d1f..75a0cda9c 100644
--- a/cloud/services/compute/loadbalancers/reconcile.go
+++ b/cloud/services/compute/loadbalancers/reconcile.go
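Review bot: The doc comment added above `AllowGlobalAccess` in api/v1beta1/types.go repeats the GCP API description and never states the default or what enabling the field means for a cluster created by this provider. Because the field is a plain `bool` with `omitempty`, an unset value is false, and setting it to true widens reachability of the internal load balancer from its own region to clients in all regions; I would open the comment with `// AllowGlobalAccess, when true, lets clients in any region reach the internal load balancer; the default (false) restricts access to the load balancer's own region.` The INTERNAL_MANAGED sentence should be dropped or qualified, since the only consumer visible in this patch (reconcile.go) sets the scheme from `loadBalanceTrafficInternal`. The same text is generated into the three CRD YAML files, which would need regenerating.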
@@ -599,6 +599,9 @@ func (s *Service) createOrGetRegionalForwardingRule(ctx context.Context, lbname
 log := log.FromContext(ctx)
 spec := s.scope.ForwardingRuleSpec(lbname)
 spec.LoadBalancingScheme = string(loadBalanceTrafficInternal)
+ if lbSpec := s.scope.LoadBalancer(); lbSpec.InternalLoadBalancer != nil {
+ spec.AllowGlobalAccess = lbSpec.InternalLoadBalancer.AllowGlobalAccess
+ }
 spec.Region = s.scope.Region()
 spec.BackendService = backendSvc.SelfLink
 // Ports is used instead or PortRange for passthrough Load Balancer
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml
index 01c26c4ee..87670096b 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml
@@ -122,6 +122,15 @@ spec: description: InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. properties: + allowGlobalAccess: + description: |- + AllowGlobalAccess. If set to true, clients can access the internal + passthrough Network Load Balancers, the regional internal Application Load + Balancer, and the regional internal proxy Network Load Balancer from all + regions. If false, only allows access from the local region the load + balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, + this field cannot be changed after the forwarding rule is created. + type: boolean name: description: |- Name is the name of the Load Balancer. If not set a default name
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml
index 592bc4635..add54e0bc 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml
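Review bot: `spec.AllowGlobalAccess` is assigned only while building the spec for a new forwarding rule, so as far as this hunk shows, editing `allowGlobalAccess` on a cluster whose rule already exists is not reconciled. The function body continues outside the hunk and the name createOrGetRegionalForwardingRule suggests an existing rule is returned unchanged; if that holds, setting the field back to false to restrict the load balancer to its own region would leave the rule reachable from all regions without any error or log line. Either compare the fetched rule's `AllowGlobalAccess` with the spec and update or report the difference, or state the limit above the new `if`: `// AllowGlobalAccess is applied at creation only; later spec changes are not propagated to an existing rule.` The diffstat lists no test file, so a case for a nil `InternalLoadBalancer` and one for `AllowGlobalAccess: true` would be worth adding.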
@@ -138,6 +138,15 @@ spec: description: InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. properties: + allowGlobalAccess: + description: |- + AllowGlobalAccess. If set to true, clients can access the internal + passthrough Network Load Balancers, the regional internal Application Load + Balancer, and the regional internal proxy Network Load Balancer from all + regions. If false, only allows access from the local region the load + balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, + this field cannot be changed after the forwarding rule is created. + type: boolean name: description: |- Name is the name of the Load Balancer. If not set a default name
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml
index 98a4dddb1..2be5f4335 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml
@@ -117,6 +117,15 @@ spec: description: InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. properties: + allowGlobalAccess: + description: |- + AllowGlobalAccess. If set to true, clients can access the internal + passthrough Network Load Balancers, the regional internal Application Load + Balancer, and the regional internal proxy Network Load Balancer from all + regions. If false, only allows access from the local region the load + balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, + this field cannot be changed after the forwarding rule is created. + type: boolean name: description: |- Name is the name of the Load Balancer. If not set a default name