Fixes helm#1341 -- update Jenkins chart documentation

Update `values.yml` documentation on using 'LoadBalancer' type of Service in a secure way by adding required annotations. This creates an internal LoadBalancer with locked down rules on allowed CIDR ranges via annotations.
dalvizu · Dec 28, 2018 · f05378b · f05378b
1 parent c143a86
commit f05378b
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml
@@ -79,9 +79,20 @@ Master:
       ProxyCompatability: true
   CLI: false
   # Kubernetes service type for the JNLP slave service
-  # SETTING THIS TO "LoadBalancer" IS A HUGE SECURITY RISK: https://github.com/kubernetes/charts/issues/1341
+  # SlaveListenerServiceType is the Kubernetes Service type for the JNLP slave service
+  # Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default
+  # this will be an external load balancer and allowing inbound 0.0.0.0/0  https://github.com/kubernetes/charts/issues/1341
   SlaveListenerServiceType: ClusterIP
   SlaveListenerServiceAnnotations: {}
+
+  # Example of 'LoadBalancer' type of slave listener with annotations securing it
+  # SlaveListenerServiceType: LoadBalancer
+  # SlaveListenerServiceAnnotations:
+  #   service.beta.kubernetes.io/aws-load-balancer-internal: "True"
+  #   service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"
+
+  # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to 
+  # set allowed inbound rules on the security group assigned to the master load balancer 
   LoadBalancerSourceRanges:
   - 0.0.0.0/0
   # Optionally assign a known public LB IP
@@ -97,7 +108,7 @@ Master:
   ExtraPorts:
   # - name: BuildInfoProxy
   #   port: 9000
-  # List of plugins to be install during Jenkins master start
+  # List of plugins to be install during Jenkins aster start
   InstallPlugins:
     - kubernetes:1.12.4
     - workflow-job:2.24