I have installed jenkins from its official helm chart
I am exposing it via nginx ingress controller, which is also installed via its helm chart.
The service is exposed in a public IP that I am passing to nginx upon installation, so I am able to access it in https://11.22.33.44/jenkins
I want to also be able to access port 50000 on the master for remote jnlp connections (i.e. initiated outside the cluster).
If I understand correctly, using this value I can create a (secondary I assume) load balancer for the service of the agent (i.e. the one pertaining to port 50000.).
My question is how to restrict this secondary load balancer given that I see only one value, related to load balancer source ip ranges.
What if I have different requirements in terms of source IP ranges for
a) the jenkins ui (port 443)
b) the jenkins jnlp protocol (port 50000)
Yes, you are correct. You can create a secondary load balancer for the service of the agent.
And to restrict secondary load balancer with separate source IP ranges you need to modify the charts a little. You can achieve it following steps bellow:
Add slaveLoadBalancerSourceRanges variable (it doesn't necessarily have to be called like this) to values.yaml file and now you have two variables: slaveLoadBalancerSourceRanges and loadBalancerSourceRanges that you can set to any values you like (you can do it now).
Notice these few lines in jenkins-master-svc.yaml responsible for setting loadBalancerSourceRanges:
{{- if .Values.master.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.master.loadBalancerSourceRanges | indent 4 }}
{{- end }}Modify previously noticed lines to use newly created variable:
{{- if .Values.master.slaveLoadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.master.slaveLoadBalancerSourceRanges | indent 4 }}
{{- end }}Paste these lines to jenkins-agent-svc.yaml (between these two highlighted lines )
Deploy these changes to kubernetes.
Let me know it if was useful.