Skip to content

feat(gateway-helm): support loadBalancerIP for LoadBalancer service type #7686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
patsevanton wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(gateway-helm): support loadBalancerIP for LoadBalancer service type #7686

patsevanton wants to merge 3 commits into from
+7 −1

Conversation

@patsevanton
Copy link

@patsevanton patsevanton commented Dec 7, 2025

What type of PR is this?
feat(gateway-helm)

What this PR does / why we need it:
This PR adds support for setting a static loadBalancerIP when the service type is configured as LoadBalancer. Currently, the Helm chart does not allow users to specify a pre-existing IP address for the LoadBalancer service, which can be required in certain environments (e.g., for IP whitelisting, DNS records, or network policies). With this change, users can define service.loadBalancerIP in their values file to assign a fixed IP to the Envoy Gateway service.

@patsevanton patsevanton requested a review from a team as a code owner December 7, 2025 09:56
@patsevanton
Copy link
Author

patsevanton commented Dec 7, 2025

helm get manifest -n envoy-gateway-system eg | grep "kind: Service" -A 50

# Source: gateway-helm/templates/envoy-gateway-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: envoy-gateway
  namespace: 'envoy-gateway-system'
  labels:
    control-plane: envoy-gateway
    helm.sh/chart: gateway-helm-v0.0.0-latest
    app.kubernetes.io/name: gateway-helm
    app.kubernetes.io/instance: eg
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  selector:
    control-plane: envoy-gateway
    app.kubernetes.io/name: gateway-helm
    app.kubernetes.io/instance: eg
  ports:
  - name: grpc
    port: 18000
    targetPort: 18000
  - name: ratelimit
    port: 18001
    targetPort: 18001
  - name: wasm
    port: 18002
    targetPort: 18002
  - name: metrics
    port: 19001
    targetPort: 19001
  - name: webhook
    port: 9443
    targetPort: 9443

@patsevanton
Copy link
Author

patsevanton commented Dec 7, 2025

test with values:

service:
  # If set to PreferClose, the Envoy fleet will prioritize connecting to the Envoy Gateway pods that are topologically closest to them.
  trafficDistribution: ""
  annotations: {}
  type: "LoadBalancer"
  loadBalancerIP: "172.18.0.201"

helm get manifest -n envoy-gateway-system eg | grep "kind: Service" -A 50

# Source: gateway-helm/templates/envoy-gateway-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: envoy-gateway
  namespace: 'envoy-gateway-system'
  labels:
    control-plane: envoy-gateway
    helm.sh/chart: gateway-helm-v0.0.0-latest
    app.kubernetes.io/name: gateway-helm
    app.kubernetes.io/instance: eg
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: Helm
spec:
  type: LoadBalancer
  loadBalancerIP: 172.18.0.201
  selector:
    control-plane: envoy-gateway
    app.kubernetes.io/name: gateway-helm
    app.kubernetes.io/instance: eg
  ports:
  - name: grpc
    port: 18000
    targetPort: 18000
  - name: ratelimit
    port: 18001
    targetPort: 18001
  - name: wasm
    port: 18002
    targetPort: 18002
  - name: metrics
    port: 19001
    targetPort: 19001
  - name: webhook
    port: 9443
    targetPort: 9443

@patsevanton
Copy link
Author

patsevanton commented Dec 7, 2025

Do I need to update the docs and changelog?

@jukie
Copy link
Contributor

jukie commented Dec 7, 2025

Running make gen-check locally will update docs and helm rendering.

Can you also include a test case update to https://github.com/envoyproxy/gateway/blob/main/test/helm/gateway-helm/service-customization.in.yaml?

@codecov
Copy link

codecov bot commented Dec 7, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.33%. Comparing base (aa3ad43) to head (091cac2).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7686      +/-   ##
==========================================
- Coverage   72.36%   72.33%   -0.03%     
==========================================
  Files         233      233              
  Lines       34343    34343              
==========================================
- Hits        24851    24843       -8     
- Misses       7712     7717       +5     
- Partials     1780     1783       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@patsevanton
Copy link
Author

patsevanton commented Dec 8, 2025

i run command make gen-check and get error

go tool -modfile=/home/user/github/patsevanton/envoyproxy-gateway-fork/tools/go.mod buf generate
Failure: could not get module data for remote module "buf.build/cncf/xds": permission_denied: 403 Forbidden
make[1]: *** [tools/make/proto.mk:5: protos] Error 1
make[1]: Leaving directory '/home/user/github/patsevanton/envoyproxy-gateway-fork'
make: *** [Makefile:18: _run] Error 2

How debug

and e2e tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@patsevanton @jukie