External IP nginx issue

When using the values.yml to configure an external IP and custom port for the RasaX server I get a parsing error but not on my file. The parsing error is found in rasa-x/templates/nginx-service.yaml error converting YAML to JSON: yaml: line 21: could not find expected ':'

This is my nginx values file

  enabled: true
  name: "rasa/nginx"
    type: LoadBalancer
    port: 80
    externalIPs: redacted

And this is the official helm chart file the parsing error is found on.

{{- if .Values.nginx.enabled }}
apiVersion: "v1"
kind: "Service"
  name: {{ include "rasa-x.fullname" . }}-nginx
    {{ include "rasa-x.labels" . | nindent 4 }}
    app.kubernetes.io/component: nginx
{{- with .Values.nginx.service.annotations }}
    {{- toYaml . | nindent 4 }}
{{- end }}
  - port: {{ .Values.nginx.service.port }}
    targetPort: 8080
    protocol: "TCP"
    name: "http"
    {{- if .Values.nginx.service.nodePort }}
    nodePort: {{ .Values.nginx.service.nodePort }}
  {{- end }}
    {{- if .Values.nginx.service.externalIPs }}
  externalIPs: {{ .Values.nginx.service.externalIPs | toYaml | nindent 2 }}
    {{- end }}
  type: {{ .Values.nginx.service.type }}
    {{- include "rasa-x.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: nginx
{{- end }}

I’m not sure which line is line 21 based on your snippets - do you know which one it was?

Yeah I am sorry that was confusing. Line 21 is the one that says {{ -end }} right after nodePort: {{.Values.nginx.service.nodePort }}

Additional information: I am using the official helm chart, the only thing I did different from the tutorial was adding custom nginx values to the values.yml file. When I deploy without these custom values everything works just fine.

My values.yml parses just fine, the parsing error is in the helm chart and I would try to solve it and ask for a merge request but I don’t see anything wrong.

What happens if you do a helm lint?

@jsolis were you able to solve the issue? Even I am getting the same problem.

@jsolis I got rid of the issue by passing the external ip as a list instead of string. This led to correct population of the externalIPs under the service key of nginx.

However, my service still passes request from the IPs apart from the IP specified in the externalIPs list… sigh. @mloubser @Tobias_Wochinger

Thanks for the info, you are right, that solves the parsing error. However, as you said, the service still passes request from the IPs apart from the IP specified in the externalIPs list. :frowning_face:


I think you misunderstand what externalIPs do. The externalIPs it’s not a list of IP addresses that traffic is allowed from, more information you can find in the Kubernetes docs, Service | Kubernetes

The parsing error occurred because the value for externalIPs has to be an array (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#servicespec-v1-core)

@tczekajlo hi, it will be really very helpful if you could tell how to let only a specific list of IP addresses to use the service. Thanks in advance.


You can try to use the loadBalancerSourceRanges service parameter, but it has to be supported by your cloud provider. The rasa-x helm template doesn’t support this parameter, but you can add it manually to the Nginx service or modify the rasa-x helm chart.

For example

    - ""

@tczekajlo thanks for your response. From whatever little bit I read and understood, the whitelisting can be done thru ingress as well. I tried to pass the required IP addresses to annotations as -

ingress.kubernetes.io/whitelist-source-range: “x.x.x.x/x, x.x.x.x/x”

However, with this setting, its forbidding requests from all the IP addresses.

I also tried,

nginx.ingress.kubernetes.io/whitelist-source-range: “x.x.x.x/x, x.x.x.x/x”

And this is passing requests from all the IP addresses (even those which are not mentioned in the list above)

I am clearly missing something. It’ll be great to get some help.

Thanks in advance.


Those extra annotations work only if you use Ingress controller such as ingress-nginx. You have to have it installed and configured on your Kubernetes cluster.

Additionally, the rasa-x helm chart settings for ingress-nginx look like this.

For example:

        enabled: false
          kubernetes.io/ingress.class: nginx
          nginx.ingress.kubernetes.io/whitelist-source-range: "x.x.x.x/x"
          - host: example.com
              - /
1 Like

This helps a lot! Thanks a ton!! :smile: