feat(base): support azure_load_balancer_subnet for the public gateway #153
Merged
sebastiancorrea81 merged 1 commit on Jun 24, 2026
The internal gateway already wires service.beta.kubernetes.io/azure-load-balancer-internal-subnet on AKS, but the public gateway did not. When the public gateway uses loadBalancerType: internal, the LB had no way to be pinned to a specific subnet and Azure would pick one automatically. Add gateway.public.azure.subnet (default empty), nested under the existing public.azure block (mirroring how the OCI subnet is nested under public.oci), and emit the annotation only when set. No change to existing behaviour when the value is left empty.
37fbf52 to 6208f5c
Note on the dependency between PRs. This PR enables
Suggested order: merge this PR first and publish a chart version; then merge tofu-modules #403, which only takes effect once the module points to a chart version that includes this change.
sebastiancorrea81 approved these changes Jun 24, 2026
What
Adds gateway.public.azure.subnet to the base chart so that the public gateway's internal LB can be pinned to a specific subnet on AKS, a capability the internal gateway already has (via gateway.internal.azure_load_balancer_subnet).
It is modelled nested under the public.azure block (alongside networkSecurityGroup), symmetric to how OCI nests its subnet under public.oci.

Why
When the public gateway is configured with loadBalancerType: internal (traffic enters through a private path, e.g. behind a tunnel/proxy in the VNet), the chart only emits:
…
but not the subnet annotation. Azure then picks the LB subnet automatically, which may not be the desired one. Today this has to be patched externally with a kubernetes_annotations resource. This change closes that gap.

Changes
values.yaml: new gateway.public.azure.subnet (empty by default).
templates/gateways.yaml: emits service.beta.kubernetes.io/azure-load-balancer-internal-subnet on the public gateway only when the value is set and loadBalancerType: internal.

Backward compatibility
No behaviour change when the value is left empty: the annotation is guarded by {{- if .Values.gateway.public.azure.subnet }}.

Verification
helm template with global.provider=aks and gateway.public.loadBalancerType=internal:
gateway.public.azure.subnet set → emits azure-load-balancer-internal-subnet: <subnet> ✅
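A check for the gap this PR describes, as an added example that is not part of the PR or the chart: it scans rendered `helm template` output for Services marked as internal Azure load balancers that carry no subnet annotation, so Azure would pick the subnet itself. Assumptions: the internal LB is marked with the standard `service.beta.kubernetes.io/azure-load-balancer-internal` annotation, the Service names and subnet name in the sample are constructed, and the scan is line-based rather than a full YAML parser.

```python
import re

INTERNAL = "service.beta.kubernetes.io/azure-load-balancer-internal"
SUBNET = "service.beta.kubernetes.io/azure-load-balancer-internal-subnet"

# Constructed sample of rendered manifests (not the chart's real output).
SAMPLE = """\
---
kind: Service
metadata:
  name: public-gateway
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
---
kind: Service
metadata:
  name: internal-gateway
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "snet-gateways"
spec:
  type: LoadBalancer
"""

def annotation(doc, key):
    """Return the value of an annotation key in one YAML document, or None."""
    m = re.search(r"^\s+" + re.escape(key) + r":\s*(.*)$", doc, re.M)
    return m.group(1).strip().strip("\"'") if m else None

def unpinned_internal_lbs(rendered):
    """Names of Services marked internal whose subnet annotation is missing or empty."""
    findings = []
    for doc in re.split(r"^---\s*$", rendered, flags=re.M):
        if not re.search(r"^kind:\s*Service\s*$", doc, re.M):
            continue  # only Services create load balancers
        if (annotation(doc, INTERNAL) or "").lower() != "true":
            continue  # public LB: the subnet annotation does not apply
        if not annotation(doc, SUBNET):
            name = re.search(r"^  name:\s*(\S+)", doc, re.M)
            findings.append(name.group(1) if name else "<unnamed>")
    return findings

if __name__ == "__main__":
    for svc in unpinned_internal_lbs(SAMPLE):
        print(f"internal LB without pinned subnet: {svc}")
```
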