diff --git a/kibana/README.md b/kibana/README.md
index 53579c743..776554632 100644
--- a/kibana/README.md
+++ b/kibana/README.md
@@ -78,7 +78,7 @@ helm install --name kibana elastic/kibana --set imageTag=7.5.1
| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Kibana instances | `{}` |
| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Kibana service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
-| `service` | Configurable [service](https://kubernetes.io/docs/concepts/services-networking/service/) to expose the Kibana service. See [`values.yaml`](./values.yaml) for an example | `type: ClusterIP`
`port: 5601`
`nodePort:`
`labels: {}`
`annotations: {}` |
+| `service` | Configurable [service](https://kubernetes.io/docs/concepts/services-networking/service/) to expose the Kibana service. See [`values.yaml`](./values.yaml) for an example | `type: ClusterIP`
`port: 5601`
`nodePort:`
`annotations: {}`
`loadBalancerSourceRanges: {}` |
| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Kibana pods | `{}` |
| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to "`.Release.Name`-`.Values.nameOverride or .Chart.Name`" | `""` |
diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml
index c996471af..5734580bf 100644
--- a/kibana/templates/service.yaml
+++ b/kibana/templates/service.yaml
@@ -16,6 +16,10 @@ metadata:
{{- end }}
spec:
type: {{ .Values.service.type }}
+{{- with .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml . | indent 4 }}
+{{- end }}
ports:
- port: {{ .Values.service.port }}
{{- if .Values.service.nodePort }}
diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py
index 8404adb7e..8a8103865 100644
--- a/kibana/tests/kibana_test.py
+++ b/kibana/tests/kibana_test.py
@@ -47,6 +47,9 @@ def test_defaults():
# Make sure that the default 'annotation' dictionary is empty
assert 'annotations' not in r['service'][name]['metadata']
+ # Make sure that the default 'loadBalancerSourceRanges' list is empty
+ assert 'loadBalancerSourceRanges' not in r['service'][name]['spec']
+
def test_overriding_the_elasticsearch_hosts():
config = '''
elasticsearchHosts: 'http://hello.world'
@@ -323,6 +326,30 @@ def test_service_annotatations():
s = r['service'][name]['metadata']['annotations']['service.beta.kubernetes.io/aws-load-balancer-internal']
assert s == "0.0.0.0/0"
+
+def test_service_load_balancer_source_ranges():
+ config = '''
+service:
+ loadBalancerSourceRanges:
+ - 0.0.0.0/0
+ '''
+ r = helm_template(config)
+ l = r['service'][name]['spec']['loadBalancerSourceRanges'][0]
+ assert l == "0.0.0.0/0"
+
+ config = '''
+service:
+ loadBalancerSourceRanges:
+ - 192.168.0.0/24
+ - 192.168.1.0/24
+ '''
+ r = helm_template(config)
+ l = r['service'][name]['spec']['loadBalancerSourceRanges'][0]
+ assert l == "192.168.0.0/24"
+ l = r['service'][name]['spec']['loadBalancerSourceRanges'][1]
+ assert l == "192.168.1.0/24"
+
+
def test_adding_a_nodePort():
config = ''
diff --git a/kibana/values.yaml b/kibana/values.yaml
index fa83da097..5c5130825 100755
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@@ -87,6 +87,8 @@ service:
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
# service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
+ loadBalancerSourceRanges: []
+ # 0.0.0.0/0
ingress:
enabled: false