From d55268aae96ee9cb78100ce50e0b873e65aad20d Mon Sep 17 00:00:00 2001
From: Maximilien Cuony <maximilien.cuony@orbitalize.com>
Date: Tue, 23 Dec 2025 08:54:48 +0100
Subject: [PATCH] [yugabyte] Limit exposed ports

---
 .../dss/templates/yugabyte-loadbalancers.yaml | 18 -------------
 .../tanka/yugabyte-auxiliary.libsonnet        | 26 ++-----------------
 2 files changed, 2 insertions(+), 42 deletions(-)

diff --git a/deploy/services/helm-charts/dss/templates/yugabyte-loadbalancers.yaml b/deploy/services/helm-charts/dss/templates/yugabyte-loadbalancers.yaml
index 7855daa73..5de93c9e8 100644
--- a/deploy/services/helm-charts/dss/templates/yugabyte-loadbalancers.yaml
+++ b/deploy/services/helm-charts/dss/templates/yugabyte-loadbalancers.yaml
@@ -28,27 +28,9 @@ spec:
     - name: yugabyte-master-db-ext-{{$i}}
       port: 7100
       targetPort: 7100
-    - name: yugabyte-master-ui-ext-{{$i}}
-      port: 7000
-      targetPort: 7000
     - name: yugabyte-tserver-db-ext-{{$i}}
       port: 9100
       targetPort: 9100
-    - name: yugabyte-tserver-ui-ext-{{$i}}
-      port: 9000
-      targetPort: 9000
-    - name: yugabyte-tserver-ycql-ext-{{$i}}
-      port: 9042
-      targetPort: 9042
-    - name: yugabyte-tserver-ysql-ext-{{$i}}
-      port: 5433
-      targetPort: 5433
-    - name: yugabyte-tserver-metrics-ext-{{$i}}
-      port: 13000
-      targetPort: 13000
-    - name: yugabyte-tserver-metrics-2-ext-{{$i}}
-      port: 12000
-      targetPort: 12000
   publishNotReadyAddresses: true
   selector:
      yugabytedUi: "true"
diff --git a/deploy/services/tanka/yugabyte-auxiliary.libsonnet b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
index 352ba9388..8f3274f47 100644
--- a/deploy/services/tanka/yugabyte-auxiliary.libsonnet
+++ b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
@@ -131,6 +131,7 @@ local yugabyteLB(metadata, name, ip) =
       masters: base.Service(metadata, 'yb-masters') {
         app:: 'yb-master',
         spec+: {
+          clusterIP: "None",
           ports: [
             {
               port: 7000,
@@ -150,6 +151,7 @@ local yugabyteLB(metadata, name, ip) =
       tServers: base.Service(metadata, 'yb-tservers') {
         app:: 'yb-tserver',
         spec+: {
+          clusterIP: "None",
           ports: [
             {
               port: 9000,
@@ -204,38 +206,14 @@ local yugabyteLB(metadata, name, ip) =
             },
             publishNotReadyAddresses: true,
             ports: [
-              {
-                port: 7000,
-                name: 'http-ui',
-              },
               {
                 port: 7100,
                 name: 'tcp-rpc-port',
               },
-              {
-                port: 9000,
-                name: 'http-ui-2',
-              },
-              {
-                port: 12000,
-                name: 'http-ycql-met',
-              },
-              {
-                port: 13000,
-                name: 'http-ysql-met',
-              },
               {
                 port: 9100,
                 name: 'tcp-rpc2-port',
               },
-              {
-                port: 9042,
-                name: 'tcp-yql-port',
-              },
-              {
-                port: 5433,
-                name: 'tcp-ysql-port',
-              },
             ],
           },
         } for i in std.range(0, std.length(metadata.yugabyte.tserverNodeIPs) - 1)