GCP firewall rules are 0.0.0.0/0 when set in Operator config

Networking
1

When setting up and configuring istio using the operator the load balancer IP is not applied to the gcp firewall rules.

Example config:

spec:
  components:
    ingressGateways:
      - name: istio-ingressgateway
        k8s:
          service:
            loadBalancerIP: 1.2.3.4

The outcome I was expecting to see was a loadbalancer with the bound ip address 1.2.3.4 and a firewall rule with source range IP ranges: 1.2.3.4/32 what i instead get is the loadbalancer but with a firewall rule of IP ranges: 0.0.0.0/0.

How do I get the firewall rule to accept the loadbalancerip address.

2

Turns out I missed a bit in the documentation where by the value of loadBalancerSourceRanges is what actually set the firewall rule. Adding the following fixed my issue:

          service:
            externalTrafficPolicy: Local
            loadBalancerSourceRanges:
              # cloudflare network proxy ranges
              - "173.245.48.0/20"
              - "103.21.244.0/22"
              - "103.22.200.0/22"
              - "103.31.4.0/22"
              - "141.101.64.0/18"
              - "108.162.192.0/18"
              - "190.93.240.0/20"
              - "188.114.96.0/20"
              - "197.234.240.0/22"
              - "198.41.128.0/17"
              - "162.158.0.0/15"
              - "104.16.0.0/13"
              - "104.24.0.0/14"
              - "172.64.0.0/13"
              - "131.0.72.0/22"