Firewall rule for restricted access

I install Gitpod using gcp-terraform.

By default, everyone can access self-hosted gitpod dashboard , but I want to set FW rule to avoid access from not-permitted IP.

I thought proxy has external IP and worked as loadBalancer, so I could change something in proxy, but couldn’t figure out.

How can I set FW rule ?

I solved this issue with adding loadBalancerSourceRanges in proxy service.

  {{- if $comp.loadBalancerIP }}
  loadBalancerIP: {{ $comp.loadBalancerIP }}
  {{- end }}
  {{- if $comp.loadBalancerSourceRanges }} #add
  loadBalancerSourceRanges: {{ $comp.loadBalancerSourceRanges }} #add
  {{- end }}   #add
components:
  proxy:
    loadBalancerIP: ${loadBalancerIP}
    loadBalancerSourceRanges: "[xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy]" # add

Now, FW rule was correctly added.

Adding FW rule by IP address is essential (otherwise, anyone can use my Gitpod resource), so I think there are any configuration to set it easily.