Wrong validation regex for service.beta.kubernetes.io/do-loadbalancer-allow-rules #622

Open
FabrizioFubelli opened this issue Apr 28, 2023 · 2 comments

@FabrizioFubelli

My configuration:

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    service.beta.kubernetes.io/do-loadbalancer-allow-rules: "cidr:103.21.244.0/22,cidr:103.22.200.0/22,cidr:103.31.4.0/22,cidr:104.16.0.0/13"
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - appProtocol: http
      name: http
      port: 80
      protocol: TCP
      targetPort: http
    - appProtocol: https
      name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer

Output of kubectl apply:

The Service "ingress-nginx-controller" is invalid: 
* metadata.labels: Invalid value: "cidr:103.21.244.0/22,cidr:103.22.200.0/22,cidr:103.31.4.0/22,cidr:104.16.0.0/13": must be no more than 63 characters
* metadata.labels: Invalid value: "cidr:103.21.244.0/22,cidr:103.22.200.0/22,cidr:103.31.4.0/22,cidr:104.16.0.0/13": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue',  or 'my_value',  or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')

I would like to add all Cloudflare IP Ranges, but it's not possible with these limitations.
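Added example, not part of the original issue or the project's code: a Python check that applies the label-value rules quoted in the kubectl output to the value above, once under `metadata.labels` as in the manifest and once under `metadata.annotations`. It assumes the standard Kubernetes rule that annotations are limited only by a 256 KiB total size; the function names and sample dictionaries are constructed for illustration.

```python
import re

# Label-value rules exactly as quoted in the kubectl output above.
LABEL_VALUE_MAX = 63
LABEL_VALUE_RE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")
# Assumption (standard Kubernetes behaviour, not stated in the issue):
# annotations are limited only by a 256 KiB total over all keys and values.
ANNOTATIONS_TOTAL_MAX = 256 * 1024

KEY = "service.beta.kubernetes.io/do-loadbalancer-allow-rules"
VALUE = ("cidr:103.21.244.0/22,cidr:103.22.200.0/22,"
         "cidr:103.31.4.0/22,cidr:104.16.0.0/13")
# Constructed samples: the same key/value under labels (as in the issue)
# and under annotations.
AS_LABEL = {"labels": {"app.kubernetes.io/name": "ingress-nginx", KEY: VALUE}}
AS_ANNOTATION = {"labels": {"app.kubernetes.io/name": "ingress-nginx"},
                 "annotations": {KEY: VALUE}}


def label_value_errors(value):
    """Return the reasons a string is rejected as a label value."""
    errors = []
    if len(value) > LABEL_VALUE_MAX:
        errors.append(f"{len(value)} characters, limit is {LABEL_VALUE_MAX}")
    if not LABEL_VALUE_RE.fullmatch(value):
        bad = sorted(set(re.findall(r"[^-A-Za-z0-9_.]", value)))
        errors.append("disallowed characters: " + " ".join(bad) if bad
                      else "must start and end with an alphanumeric character")
    return errors


def audit_metadata(metadata):
    """Map each rejected label key (or '<annotations>') to its reasons."""
    findings = {}
    for key, value in metadata.get("labels", {}).items():
        errors = label_value_errors(value)
        if errors:
            findings[key] = errors
    size = sum(len(k.encode()) + len(v.encode())
               for k, v in metadata.get("annotations", {}).items())
    if size > ANNOTATIONS_TOTAL_MAX:
        findings["<annotations>"] = [f"{size} bytes, limit is {ANNOTATIONS_TOTAL_MAX}"]
    return findings


if __name__ == "__main__":
    for name, meta in (("labels", AS_LABEL), ("annotations", AS_ANNOTATION)):
        print(name, audit_metadata(meta) or "accepted")
```

The check covers only the two rules shown here; it does not validate the CIDR entries themselves or anything the load balancer controller enforces.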

@collimarco

Probably related: #692

Any updates on this?

@timoreimann
Collaborator

We may need to support specifying the allow list through the canonical Service field which supposedly does not have length limitations.

#584 was opened some time ago, which we should get back to.
