diff --git a/pkg/operator/controller/ingress/status.go b/pkg/operator/controller/ingress/status.go
index 4aee5fdec6..7195b18f8c 100644
--- a/pkg/operator/controller/ingress/status.go
+++ b/pkg/operator/controller/ingress/status.go
@@ -179,6 +179,9 @@ func computeIngressTLSProfile(oldProfile *configv1.TLSProfileSpec, deployment *a
 // by looking at the LoadBalancerSourceRanges field and service.beta.kubernetes.io/load-balancer-source-ranges
 // annotation of the LoadBalancer-typed Service. The field takes precedence over the annotation.
 func computeAllowedSourceRanges(service *corev1.Service) []operatorv1.CIDR {
+	if service == nil {
+		return nil
+	}
 	cidrs := []operatorv1.CIDR{}
 	if len(service.Spec.LoadBalancerSourceRanges) > 0 {
 		for _, r := range service.Spec.LoadBalancerSourceRanges {
diff --git a/pkg/operator/controller/ingress/status_test.go b/pkg/operator/controller/ingress/status_test.go
index 2aa2410e0b..dc6fb16320 100644
--- a/pkg/operator/controller/ingress/status_test.go
+++ b/pkg/operator/controller/ingress/status_test.go
@@ -8,6 +8,7 @@ import (
 	"encoding/pem"
 	"k8s.io/utils/pointer"
 	"math/big"
+	"reflect"
 	"strings"
 	"testing"
 	"time"
@@ -2428,3 +2429,76 @@ func TestComputeIngressEvaluationConditionsDetectedCondition(t *testing.T) {
 		})
 	}
 }
+
+func Test_computeAllowedSourceRanges(t *testing.T) {
+	tests := []struct {
+		name    string
+		service *corev1.Service
+		expect  []operatorv1.CIDR
+	}{
+		{
+			name:    "service is nil",
+			service: nil,
+			expect:  nil,
+		},
+		{
+			name: "service doesn't have spec.LoadBalancerSourceRanges",
+			service: &corev1.Service{
+				Spec: corev1.ServiceSpec{},
+			},
+			expect: nil,
+		},
+		{
+			name: "service has spec.LoadBalancerSourceRanges",
+			service: &corev1.Service{
+				Spec: corev1.ServiceSpec{
+					LoadBalancerSourceRanges: []string{"10.0.0.0/8", "192.128.0.0/16"},
+				},
+			},
+			expect: []operatorv1.CIDR{"10.0.0.0/8", "192.128.0.0/16"},
+		},
+		{
+			name: "service has service.beta.kubernetes.io/load-balancer-source-ranges",
+			service: &corev1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/load-balancer-source-ranges": "10.0.0.0/8,192.128.0.0/16",
+					},
+				},
+				Spec: corev1.ServiceSpec{},
+			},
+			expect: []operatorv1.CIDR{"10.0.0.0/8", "192.128.0.0/16"},
+		},
+		{
+			name: "service has service.beta.kubernetes.io/load-balancer-source-ranges, but it's empty",
+			service: &corev1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/load-balancer-source-ranges": "",
+					},
+				},
+			},
+			expect: nil,
+		},
+		{
+			name: "service has service.beta.kubernetes.io/load-balancer-source-ranges and spec.LoadBalancerSourceRanges",
+			service: &corev1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/load-balancer-source-ranges": "10.0.0.0/8,192.128.0.0/16",
+					},
+				},
+				Spec: corev1.ServiceSpec{
+					LoadBalancerSourceRanges: []string{"172.0.0.0/8", "210.128.0.0/16"},
+				},
+			},
+			expect: []operatorv1.CIDR{"172.0.0.0/8", "210.128.0.0/16"},
+		},
+	}
+	for _, test := range tests {
+		actual := computeAllowedSourceRanges(test.service)
+		if !reflect.DeepEqual(actual, test.expect) {
+			t.Errorf("%q: expected %v, got %v", test.name, test.expect, actual)
+		}
+	}
+}