[Suggestion] - Helm chart Service template does not support externalTrafficPolicy configuration #1085

@ram-devsecops

Suggestion

Helm chart Service template does not support externalTrafficPolicy configuration

Product

Atlassian Data Center Helm Charts — Jira (also affects Confluence)

Chart Version

2.0.8 (issue exists in all current versions)

Description

The Jira Data Center Helm chart's Service template (src/main/charts/jira/templates/service.yaml) does not support configuring externalTrafficPolicy via Helm values. This is a standard Kubernetes Service field that is essential when using NodePort or LoadBalancer service types and needing to preserve client source IP addresses.

Current Service template

spec:
  type: {{ .Values.jira.service.type }}
  sessionAffinity: {{ .Values.jira.service.sessionAffinity }}
  {{- if .Values.jira.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: {{ .Values.jira.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
  {{- end }}
  {{- if and (eq .Values.jira.service.type "LoadBalancer") (not (empty .Values.jira.service.loadBalancerIP)) }}
  loadBalancerIP: {{ .Values.jira.service.loadBalancerIP }}
  {{- end }}
  ports:
    - port: {{ .Values.jira.service.port }}
      targetPort: http
      protocol: TCP
      name: http
      {{- if and (eq .Values.jira.service.type "NodePort") .Values.jira.service.nodePort }}
      nodePort: {{ .Values.jira.service.nodePort }}
      {{- end }}
  selector:
    {{- include "common.labels.selectorLabels" . | nindent 4 }}

The template supports type, port, nodePort, sessionAffinity, sessionAffinityConfig, loadBalancerIP, and annotations — but not externalTrafficPolicy.


Use Case

We are deploying Jira Data Center on AWS EKS using the Gateway API with ALB (Application Load Balancer). Our Service type is set to NodePort with targetType: instance on the TargetGroupPolicy. We need externalTrafficPolicy: Local on the Service to:

  1. Preserve client source IP addresses for audit logging and security
  2. Avoid unnecessary extra network hops between nodes
  3. Ensure proper health checking behavior with the ALB target group

Setting jira.service.externalTrafficPolicy: Local in values.yaml has no effect because the template does not reference this value.

We also cannot patch the Service via Kustomize in our ArgoCD multi-source Application setup, since the Service resource is generated by the Helm source and is not part of the Kustomize resource set.


Requested Change

Add externalTrafficPolicy support to the Service template for all products. The change is minimal:

Template change (src/main/charts/jira/templates/service.yaml and equivalents)

spec:
  type: {{ .Values.jira.service.type }}
  {{- if .Values.jira.service.externalTrafficPolicy }}
  externalTrafficPolicy: {{ .Values.jira.service.externalTrafficPolicy }}
  {{- end }}
  sessionAffinity: {{ .Values.jira.service.sessionAffinity }}
  ...

Values change (src/main/charts/jira/values.yaml and equivalents)

jira:
  service:
    # -- The external traffic policy for the Service. Set to "Local" to preserve
    # client source IPs. Only applicable for NodePort and LoadBalancer service types.
    externalTrafficPolicy:

Affected Templates

  • src/main/charts/jira/templates/service.yaml
  • src/main/charts/confluence/templates/service.yaml

Current Workaround

We must manually patch the Service after ArgoCD sync:

kubectl patch svc jira -n jira -p '{"spec":{"externalTrafficPolicy":"Local"}}'

This is fragile and not GitOps-friendly.


Environment

Component         | Details
------------------|-----------------------------------------------------------
Kubernetes        | EKS v1.31
Helm chart        | jira 2.0.8
Deployment method | ArgoCD ApplicationSet with multi-source (Helm + Kustomize)
Service type      | NodePort (with Gateway API / ALB)

Product

Jira, Confluence

Code of Conduct

  • I agree to follow this project's Code of Conduct
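
An added example, not part of the original issue or the Atlassian chart: a check that could run after each ArgoCD sync to detect when the manual kubectl patch workaround described above has been reverted. It reads `kubectl get svc -A -o json` output; the sample Services and the script name check_etp.py are constructed for illustration.

```python
import json
import sys

# Service types for which externalTrafficPolicy applies (per the values.yaml comment in the issue).
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

# Constructed sample shaped like `kubectl get svc -A -o json` output; not real cluster data.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "jira", "name": "jira"},
     "spec": {"type": "NodePort", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "confluence", "name": "confluence"},
     "spec": {"type": "NodePort", "externalTrafficPolicy": "Local"}},
    {"metadata": {"namespace": "jira", "name": "jira-lb"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "jira", "name": "jira-internal"},
     "spec": {"type": "ClusterIP"}},
]})


def effective_policy(spec):
    """Return the policy in effect, or None when the field does not apply."""
    if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
        return None
    # Kubernetes defaults an unset externalTrafficPolicy to "Cluster".
    return spec.get("externalTrafficPolicy") or "Cluster"


def find_drift(service_list_json, required="Local"):
    """List (namespace, name, type, policy) for Services not at the required policy."""
    drift = []
    for item in json.loads(service_list_json).get("items", []):
        spec = item.get("spec", {})
        policy = effective_policy(spec)
        if policy is not None and policy != required:
            meta = item.get("metadata", {})
            drift.append((meta.get("namespace", "default"), meta.get("name", ""),
                          spec["type"], policy))
    return drift


if __name__ == "__main__":
    # Hypothetical usage: kubectl get svc -A -o json | python3 check_etp.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = find_drift(data)
    for ns, name, svc_type, policy in findings:
        print(f"{ns}/{name}: type={svc_type} externalTrafficPolicy={policy}, expected Local")
    sys.exit(1 if findings else 0)
```

A non-zero exit means at least one NodePort or LoadBalancer Service is running with a policy other than Local, which is the state the chart leaves the Service in whenever a sync overwrites the patch.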
