Add LoadBalancer support to RabbitMQ Helm chart

charts/rabbitmq/Chart.yaml

@@ -3,5 +3,5 @@ name: rabbitmq
 description: RabbitMQ Helm chart using the RabbitMQ Cluster Operator
 type: application
 
-version: 0.1.0
+version: 0.2.0
 appVersion: "1.0.0"

charts/rabbitmq/README.md

@@ -29,6 +29,97 @@ helm install my-rabbitmq oci://ghcr.io/helmcode/helm-charts/rabbitmq
 | `spec.service.type` | Kubernetes service type | `ClusterIP` |
 | `spec.persistence.storageClassName` | Storage class for PVCs | `gp2` |
 | `spec.persistence.storage` | Storage size per replica | `10Gi` |
+| `loadBalancer.enabled` | Enable optional LoadBalancer Service | `false` |
+| `loadBalancer.type` | Service type (LoadBalancer or NodePort) | `LoadBalancer` |
+| `loadBalancer.annotations` | Cloud provider annotations | `{}` |
+| `loadBalancer.loadBalancerSourceRanges` | IP ranges allowed to access the LoadBalancer | `[]` |
+| `loadBalancer.ports.amqp.port` | AMQP port | `5672` |
+| `loadBalancer.ports.management.port` | Management UI port | `15672` |
+
+### LoadBalancer Configuration
+
+By default, the RabbitMQ Cluster Operator creates a ClusterIP service for internal cluster access. For external access (e.g., connecting from local development via VPN), you can enable an optional LoadBalancer Service.
+
+**Important**: LoadBalancer services may incur cloud provider costs. This feature is disabled by default.
+
+#### Enable LoadBalancer
+
+```yaml
+loadBalancer:
+  enabled: true
+```
+
+#### AWS Configuration (Internal NLB)
+
+For AWS environments with VPN access, configure an internal Network Load Balancer:
+
+```yaml
+loadBalancer:
+  enabled: true
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+  loadBalancerSourceRanges:
+    - "10.0.0.0/8"  # VPN CIDR block
+```
+
+#### GCP Configuration (Internal Load Balancer)
+
+For GCP environments:
+
+```yaml
+loadBalancer:
+  enabled: true
+  annotations:
+    cloud.google.com/load-balancer-type: "Internal"
+  loadBalancerSourceRanges:
+    - "10.0.0.0/8"  # VPN CIDR block
+```
+
+#### Azure Configuration (Internal Load Balancer)
+
+For Azure environments:
+
+```yaml
+loadBalancer:
+  enabled: true
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+  loadBalancerSourceRanges:
+    - "10.0.0.0/8"  # VPN CIDR block
+```
+
+#### Access Restrictions
+
+Use `loadBalancerSourceRanges` to restrict access to specific IP ranges (e.g., your VPN CIDR blocks):
+
+```yaml
+loadBalancer:
+  enabled: true
+  loadBalancerSourceRanges:
+    - "192.168.1.0/24"  # Office network
+    - "10.0.0.0/8"      # VPN network
+```
+
+#### Exposed Ports
+
+The LoadBalancer Service exposes:
+- **5672**: AMQP protocol (client connections)
+- **15672**: Management UI (web interface)
+
+To connect from your local machine after enabling the LoadBalancer:
+
+```bash
+# Get the LoadBalancer external IP
+kubectl get svc <release-name>-rabbitmq-loadbalancer
+
+# Connect using AMQP client
+# amqp://<external-ip>:5672
+
+# Access Management UI in browser
+# http://<external-ip>:15672
+```
 
 ## Example
 

charts/rabbitmq/templates/loadbalancer-service.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.loadBalancer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}-loadbalancer
+  labels:
+    {{- include "rabbitmq.labels" . | nindent 4 }}
+  {{- with .Values.loadBalancer.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.loadBalancer.type }}
+  {{- with .Values.loadBalancer.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  ports:
+    - name: amqp
+      port: {{ .Values.loadBalancer.ports.amqp.port }}
+      targetPort: {{ .Values.loadBalancer.ports.amqp.targetPort }}
+      protocol: {{ .Values.loadBalancer.ports.amqp.protocol }}
+    - name: management
+      port: {{ .Values.loadBalancer.ports.management.port }}
+      targetPort: {{ .Values.loadBalancer.ports.management.targetPort }}
+      protocol: {{ .Values.loadBalancer.ports.management.protocol }}
+  selector:
+    app.kubernetes.io/name: {{ include "rabbitmq.fullname" . }}
+    app.kubernetes.io/component: rabbitmq
+{{- end }}

charts/rabbitmq/values.yaml

@@ -6,3 +6,31 @@ spec:
     persistence:
       storageClassName: gp2
       storage: 10Gi
+
+# Optional LoadBalancer Service for external access (e.g., VPN connections)
+# This creates a separate service alongside the operator's default ClusterIP service
+loadBalancer:
+  enabled: false
+  # Cloud provider annotations (e.g., AWS NLB, internal LB, etc.)
+  annotations: {}
+    # Example for AWS internal NLB:
+    # service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+    # service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+  # Restrict access to specific IP ranges (e.g., VPN CIDR blocks)
+  loadBalancerSourceRanges: []
+    # Example:
+    # - "10.0.0.0/8"
+    # - "192.168.1.0/24"
+  # Service type (usually LoadBalancer, but can be NodePort for testing)
+  type: LoadBalancer
+  # Port configurations
+  ports:
+    amqp:
+      port: 5672
+      targetPort: 5672
+      protocol: TCP
+    management:
+      port: 15672
+      targetPort: 15672
+      protocol: TCP