diff --git a/vultr/loadbalancer_test.go b/vultr/loadbalancer_test.go
index 3378c523a..67915b701 100644
--- a/vultr/loadbalancer_test.go
+++ b/vultr/loadbalancer_test.go
@@ -92,10 +92,12 @@ func TestLoadbalancers_EnsureLoadBalancer(t *testing.T) {

 svc := &v1.Service{
 ObjectMeta: metav1.ObjectMeta{
- Name: "lb-name",
- Namespace: v1.NamespaceDefault,
- UID: "lb-name",
- Annotations: nil,
+ Name: "lb-name",
+ Namespace: v1.NamespaceDefault,
+ UID: "lb-name",
+ Annotations: map[string]string{
+ annoVultrFirewallRules: "cloudflare,80;10.0.0.0/8,80",
+ },
 },
 Spec: v1.ServiceSpec{
 Ports: []v1.ServicePort{
diff --git a/vultr/loadbalancers.go b/vultr/loadbalancers.go
index a5152cf11..e840d7538 100644
--- a/vultr/loadbalancers.go
+++ b/vultr/loadbalancers.go
@@ -765,10 +765,13 @@ func buildFirewallRules(service *v1.Service) ([]govultr.LBFirewallRule, error) {
 if len(rules) != 2 { //nolint
 return nil, fmt.Errorf("loadbalancer fw rules : %s invalid configuration", rules)
 }
+
 source := rules[0]
- _, _, err := net.ParseCIDR(source)
- if err != nil {
- return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+ if source != "cloudflare" {
+ _, _, err := net.ParseCIDR(source)
+ if err != nil {
+ return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+ }
 }

 port, err := strconv.Atoi(rules[1])
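Review bot: The updated fixture in the `Annotations` map only exercises the accepting path for the new `cloudflare` source, so no test visible here pins the rejecting side of the parser. A table-driven test that calls `buildFirewallRules` directly would cover this more precisely than routing through `EnsureLoadBalancer`. It should assert the two rules returned for `"cloudflare,80;10.0.0.0/8,80"`, and that near-misses such as `"Cloudflare,80"` or `"cloudflare/32,80"` return an error rather than a rule. The rest of TestLoadbalancers_EnsureLoadBalancer lies outside the hunk, so assertions there may already cover part of this.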
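Review bot: The new bypass at `if source != "cloudflare" {` compares against a bare string literal, and nothing in the hunk documents what the keyword means or that it skips CIDR validation. A named constant with a comment would help, for example `const fwSourceCloudflare = "cloudflare" // keyword source accepted in place of a CIDR`, used both here and in the test fixture. The exact, case-sensitive match is a reasonable fail-closed choice, since `Cloudflare` or a padded value still falls through to `net.ParseCIDR` and is rejected, but that intent deserves a comment so nobody later loosens it with a case-insensitive compare. If, as the name suggests, this source admits traffic from Cloudflare's shared ranges, the annotation docs should say that it narrows network exposure but does not identify the caller, so the backend still needs its own authentication. buildFirewallRules begins and ends outside the hunk.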