Update Heimdall Trusted Proxies to all Private IPs

[bramwelt]

Adds all private IP ranges to Heimdall's list of 'trusted_proxies'. This
ensures heimdall works even with variations in network toplogies of
local kubernetes deployments.

Signed-off-by: Trevor Bramwell [email protected]

[coderabbitai]

Walkthrough

The Helm chart for the LFX Platform is updated with a version bump from 0.3.2 to 0.3.3, and the trusted proxies configuration is expanded to include three private IP address ranges instead of one.

Changes

Cohort / File(s)	Summary
Helm Chart Configuration charts/lfx-platform/Chart.yaml, charts/lfx-platform/values.yaml	Chart version incremented to 0.3.3; trusted proxy configuration expanded from single entry (192.168.0.0/16) to three entries (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• update Chart.lock #27: Also modifies charts/lfx-platform/Chart.yaml for chart version bumping.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "Update Heimdall Trusted Proxies to all Private IPs" directly aligns with the primary change in the changeset. The main substantive modification is in the values.yaml file where the heimdall.serve.trusted_proxies configuration was expanded from a single entry (192.168.0.0/16) to include all three private IP ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). The Chart.yaml version bump is a secondary consequence of this configuration change. The title is concise, clear, and accurately summarizes the key change without unnecessary noise or vague terminology.
Description Check	✅ Passed	The pull request description is directly related to the changeset. It states that the change "adds all private IP ranges to Heimdall's list of 'trusted_proxies'" which matches exactly what occurred in the values.yaml file where three private IP ranges were configured. The description also provides context about the motivation—ensuring Heimdall works across variations in network topologies of local Kubernetes deployments—which is a reasonable explanation for the configuration change. The description contains sufficient detail related to the actual changes made.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bramwelt/heidall-trusted-proxies

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR updates Heimdall's trusted proxy configuration to include all RFC 1918 private IP address ranges, ensuring compatibility with various local Kubernetes network topologies. The chart version is bumped accordingly.

Key Changes:

• Expands trusted_proxies to include all private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
• Increments chart version from 0.3.2 to 0.3.3

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
charts/lfx-platform/values.yaml	Adds 10.0.0.0/8 and 172.16.0.0/12 private IP ranges to trusted_proxies configuration
charts/lfx-platform/Chart.yaml	Bumps chart version to 0.3.3

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/lfx-platform/values.yaml (1)

170-174: Consider adding a documentation comment for future maintainability.

Since this configuration is foundational to Heimdall's proxy trust model and spans all private ranges, a brief inline comment explaining the RFC 1918 rationale could help future maintainers understand the design intent.

Apply this diff to add clarifying documentation:

  serve:
    trusted_proxies:
+     # RFC 1918 private address ranges for local Kubernetes deployments
+     # Enables Heimdall to correctly identify client IPs across varying network topologies
      - "10.0.0.0/8"
      - "172.16.0.0/12"
      - "192.168.0.0/16"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 86fc486 and c0d5ace.

📒 Files selected for processing (2)

• charts/lfx-platform/Chart.yaml (1 hunks)
• charts/lfx-platform/values.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: MegaLinter

🔇 Additional comments (2)

charts/lfx-platform/Chart.yaml (1)

8-8: Version bump is appropriate for configuration changes.

The patch version increment (0.3.2 → 0.3.3) is well-suited for the non-breaking values.yaml updates, following Helm versioning conventions.

charts/lfx-platform/values.yaml (1)

170-174: Correct and complete private IP range configuration.

The trusted proxies configuration now correctly covers all RFC 1918 private address ranges, enabling Heimdall to work reliably across varied local Kubernetes network topologies (ClusterIP subnets, node networks, etc.). All three ranges are properly formatted and quoted.