From a89f22d9aee7452ef86d6869a2e36f2d4ddc4d1f Mon Sep 17 00:00:00 2001
From: Marco Ebert <marco@giantswarm.io>
Date: Mon, 26 Jun 2023 13:14:19 +0200
Subject: [PATCH] Service: Add `controller.service.loadBalancerClass`.

---
 CHANGELOG.md                                                | 2 ++
 helm/ingress-nginx/README.md                                | 2 ++
 .../templates/controller-service-internal.yaml              | 3 +++
 helm/ingress-nginx/templates/controller-service.yaml        | 3 +++
 helm/ingress-nginx/values.schema.json                       | 6 ++++++
 helm/ingress-nginx/values.yaml                              | 6 ++++++
 6 files changed, 22 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e15a6999..fca3985a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,8 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 - KEDA: Add `fallback`. ([#497](https://github.com/giantswarm/ingress-nginx-app/pull/497))
 - OpenTelemetry: Add distroless `init_module`. ([#498](https://github.com/giantswarm/ingress-nginx-app/pull/498))
 - Chart: Add logo. ([#502](https://github.com/giantswarm/ingress-nginx-app/pull/502))
+- Service: Add `controller.service.loadBalancerClass`. ([#503](https://github.com/giantswarm/ingress-nginx-app/pull/503))\
+  **NOTE:** The load balancer class of existing services can not be changed. The app deployment might fail when defining this for already installed app instances.
 
 ### Changed
 
diff --git a/helm/ingress-nginx/README.md b/helm/ingress-nginx/README.md
index f0b08c68..0e262034 100644
--- a/helm/ingress-nginx/README.md
+++ b/helm/ingress-nginx/README.md
@@ -289,6 +289,7 @@ Please ensure that cert-manager is correctly installed and configured.
 | controller.service.internal.externalTrafficPolicy | string | `"Local"` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
 | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
 | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
+| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
 | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
 | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
 | controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
@@ -302,6 +303,7 @@ Please ensure that cert-manager is correctly installed and configured.
 | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
 | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
 | controller.service.labels | object | `{}` | Labels to be added to both controller services. |
+| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
 | controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
 | controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
 | controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
diff --git a/helm/ingress-nginx/templates/controller-service-internal.yaml b/helm/ingress-nginx/templates/controller-service-internal.yaml
index f679359a..c20628d8 100644
--- a/helm/ingress-nginx/templates/controller-service-internal.yaml
+++ b/helm/ingress-nginx/templates/controller-service-internal.yaml
@@ -47,6 +47,9 @@ spec:
 {{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
   loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
+{{- if .Values.controller.service.internal.loadBalancerClass }}
+  loadBalancerClass: {{ toYaml .Values.controller.service.internal.loadBalancerClass }}
+{{- end }}
 {{- if .Values.controller.service.internal.externalTrafficPolicy }}
   externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
 {{- end }}
diff --git a/helm/ingress-nginx/templates/controller-service.yaml b/helm/ingress-nginx/templates/controller-service.yaml
index 38fda73f..f9ee2349 100644
--- a/helm/ingress-nginx/templates/controller-service.yaml
+++ b/helm/ingress-nginx/templates/controller-service.yaml
@@ -51,6 +51,9 @@ spec:
 {{- if .Values.controller.service.loadBalancerSourceRanges }}
   loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
+{{- if .Values.controller.service.loadBalancerClass }}
+  loadBalancerClass: {{ toYaml .Values.controller.service.loadBalancerClass }}
+{{- end }}
 {{- if .Values.controller.service.externalTrafficPolicy }}
   externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
 {{- end }}
diff --git a/helm/ingress-nginx/values.schema.json b/helm/ingress-nginx/values.schema.json
index c245d202..1a86e682 100644
--- a/helm/ingress-nginx/values.schema.json
+++ b/helm/ingress-nginx/values.schema.json
@@ -778,6 +778,9 @@
                                     "type": "string",
                                     "enum": ["SingleStack", "PreferDualStack", "RequireDualStack"]
                                 },
+                                "loadBalancerClass": {
+                                    "type": "string"
+                                },
                                 "loadBalancerIP": {
                                     "type": "string"
                                 },
@@ -832,6 +835,9 @@
                         "labels": {
                             "type": "object"
                         },
+                        "loadBalancerClass": {
+                            "type": "string"
+                        },
                         "loadBalancerIP": {
                             "type": "string"
                         },
diff --git a/helm/ingress-nginx/values.yaml b/helm/ingress-nginx/values.yaml
index 78a047d5..f423f191 100644
--- a/helm/ingress-nginx/values.yaml
+++ b/helm/ingress-nginx/values.yaml
@@ -465,6 +465,9 @@ controller:
     loadBalancerIP: ""
     # -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default.
     loadBalancerSourceRanges: []
+    # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
+    # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
+    loadBalancerClass: ""
 
     # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it.
     # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
@@ -550,6 +553,9 @@ controller:
       loadBalancerIP: ""
       # -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default.
       loadBalancerSourceRanges: []
+      # -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
+      # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
+      loadBalancerClass: ""
 
       # -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it.
       # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip