Documentation ¶
Index ¶
Constants ¶
View Source
const ( // AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers // // It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to // allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow // access only from the CIDRs currently allocated to MIT & the USPS. // // Not all cloud providers support this annotation, though AWS & GCE do. AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges" // AnnotationValueExternalTrafficLocal Value of annotation to specify local endpoints behaviour AnnotationValueExternalTrafficLocal = "OnlyLocal" // AnnotationValueExternalTrafficGlobal Value of annotation to specify global (legacy) behaviour AnnotationValueExternalTrafficGlobal = "Global" // AlphaAnnotationHealthCheckNodePort Annotation specifying the healthcheck nodePort for the service // If not specified, annotation is created by the service api backend with the allocated nodePort // Will use user-specified nodePort value if specified by the client AlphaAnnotationHealthCheckNodePort = "service.alpha.kubernetes.io/healthcheck-nodeport" // AlphaAnnotationExternalTraffic An annotation that denotes if this Service desires to route external traffic to local // endpoints only. This preserves Source IP and avoids a second hop. AlphaAnnotationExternalTraffic = "service.alpha.kubernetes.io/external-traffic" // BetaAnnotationHealthCheckNodePort is the beta version of AlphaAnnotationHealthCheckNodePort. BetaAnnotationHealthCheckNodePort = "service.beta.kubernetes.io/healthcheck-nodeport" // BetaAnnotationExternalTraffic is the beta version of AlphaAnnotationExternalTraffic. BetaAnnotationExternalTraffic = "service.beta.kubernetes.io/external-traffic" )
Variables ¶
This section is empty.
Functions ¶
func GetLoadBalancerSourceRanges ¶
GetLoadBalancerSourceRanges first try to parse and verify LoadBalancerSourceRanges field from a service. If the field is not specified, turn to parse and verify the AnnotationLoadBalancerSourceRangesKey annotation from a service, extracting the source ranges to allow, and if not present returns a default (allow-all) value.
func GetServiceHealthCheckNodePort ¶
GetServiceHealthCheckNodePort Return health check node port annotation for service, if one exists
func IsAllowAll ¶
IsAllowAll checks whether the netsets.IPNet allows traffic from 0.0.0.0/0
func NeedsHealthCheck ¶
NeedsHealthCheck Check service for health check annotations
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.