Add AllowGlobalAccess support for InternalLoadBalancer.

jwmay2012 · jwmay2012 · commit 26f1311648a0 · 2025-01-14T11:55:48.000-05:00
diff --git a/api/v1beta1/types.go b/api/v1beta1/types.go
@@ -371,4 +371,12 @@ type LoadBalancer struct {
 	// required for the Load Balancer, if not defined the first configured subnet will be
 	// used.
 	Subnet *string `json:"subnet,omitempty"`
+
+	// AllowGlobalAccess. If set to true, clients can access the internal
+	// passthrough Network Load Balancers, the regional internal Application Load
+	// Balancer, and the regional internal proxy Network Load Balancer from all
+	// regions. If false, only allows access from the local region the load
+	// balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
+	// this field cannot be changed after the forwarding rule is created.
+	AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"`
 }
diff --git a/cloud/services/compute/loadbalancers/reconcile.go b/cloud/services/compute/loadbalancers/reconcile.go
@@ -599,6 +599,9 @@ func (s *Service) createOrGetRegionalForwardingRule(ctx context.Context, lbname
 	log := log.FromContext(ctx)
 	spec := s.scope.ForwardingRuleSpec(lbname)
 	spec.LoadBalancingScheme = string(loadBalanceTrafficInternal)
+	if lbSpec := s.scope.LoadBalancer(); lbSpec.InternalLoadBalancer != nil {
+		spec.AllowGlobalAccess = lbSpec.InternalLoadBalancer.AllowGlobalAccess
+	}
 	spec.Region = s.scope.Region()
 	spec.BackendService = backendSvc.SelfLink
 	// Ports is used instead or PortRange for passthrough Load Balancer
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml
@@ -122,6 +122,15 @@ spec:
                     description: InternalLoadBalancer is the configuration for an
                       Internal Passthrough Network Load Balancer.
                     properties:
+                      allowGlobalAccess:
+                        description: |-
+                          AllowGlobalAccess. If set to true, clients can access the internal
+                          passthrough Network Load Balancers, the regional internal Application Load
+                          Balancer, and the regional internal proxy Network Load Balancer from all
+                          regions. If false, only allows access from the local region the load
+                          balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
+                          this field cannot be changed after the forwarding rule is created.
+                        type: boolean
                       name:
                         description: |-
                           Name is the name of the Load Balancer. If not set a default name
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml
@@ -138,6 +138,15 @@ spec:
                             description: InternalLoadBalancer is the configuration
                               for an Internal Passthrough Network Load Balancer.
                             properties:
+                              allowGlobalAccess:
+                                description: |-
+                                  AllowGlobalAccess. If set to true, clients can access the internal
+                                  passthrough Network Load Balancers, the regional internal Application Load
+                                  Balancer, and the regional internal proxy Network Load Balancer from all
+                                  regions. If false, only allows access from the local region the load
+                                  balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
+                                  this field cannot be changed after the forwarding rule is created.
+                                type: boolean
                               name:
                                 description: |-
                                   Name is the name of the Load Balancer. If not set a default name
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml
@@ -117,6 +117,15 @@ spec:
                     description: InternalLoadBalancer is the configuration for an
                       Internal Passthrough Network Load Balancer.
                     properties:
+                      allowGlobalAccess:
+                        description: |-
+                          AllowGlobalAccess. If set to true, clients can access the internal
+                          passthrough Network Load Balancers, the regional internal Application Load
+                          Balancer, and the regional internal proxy Network Load Balancer from all
+                          regions. If false, only allows access from the local region the load
+                          balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
+                          this field cannot be changed after the forwarding rule is created.
+                        type: boolean
                       name:
                         description: |-
                           Name is the name of the Load Balancer. If not set a default name
