From 6c7d9c35ac0d91dda6e915638bcfa0b0bd64bede Mon Sep 17 00:00:00 2001
From: Johannes Wicovsky <johannes.wicovsky@gmail.com>
Date: Thu, 21 Sep 2023 11:39:53 +0200
Subject: [PATCH] add ip-whitelist for pgadmin

---
 templates/pgadmin/ingress_pgadmin.yaml | 3 +++
 values_nsodev.yaml                     | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/templates/pgadmin/ingress_pgadmin.yaml b/templates/pgadmin/ingress_pgadmin.yaml
index cc1dc28..367a42a 100644
--- a/templates/pgadmin/ingress_pgadmin.yaml
+++ b/templates/pgadmin/ingress_pgadmin.yaml
@@ -8,6 +8,9 @@ metadata:
     nginx.ingress.kubernetes.io/ssl-redirect: 'true'
     nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+{{- if .Values.pgadmin.ingress.customIpWhitelist }}
+    nginx.ingress.kubernetes.io/whitelist-source-range: {{ .Values.pgadmin.ingress.customIpWhitelist }}
+{{- end }}
   name: "{{ .Values.stage }}-pgadmin"
 spec:
   rules:
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index 5fa6ace..5d696bd 100644
--- a/values_nsodev.yaml
+++ b/values_nsodev.yaml
@@ -84,6 +84,8 @@ pgadmin:
         Host: "nsodev-postgres-cluster"
         SSLMode: "prefer"
         MaintenanceDB: "postgres"
+  ingress:
+    customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
 
 smardigo-connect:
   postgres:
@@ -191,8 +193,6 @@ smardigo-wordpress:
       - hosts:
           - "*.connect-wordpress-nsodev-prodwork01.smardigo.digital"
         secretName: "connect-wordpress-nsodev-prodwork01.smardigo.digital-wildcard-tls"
-      annotations:
-        nginx.ingress.kubernetes.io/whitelist-source-range: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
       customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
     commonLabels:
       app: wordpress