Documentation
Index
- Constants
- func AllowedIPRanges(svc *v1.Service) ([]netip.Prefix, error)
- func AllowedServiceTags(svc *v1.Service) ([]string, error)
- func IsCIDRsAllowAll(cidrs []netip.Prefix) bool
- func IsExternal(svc *v1.Service) bool
- func IsInternal(svc *v1.Service) bool
- func ParseCIDRs(parts []string) ([]netip.Prefix, error)
- func SourceRanges(svc *v1.Service) ([]netip.Prefix, error)
- type AccessControl
- func (ac *AccessControl) AllowedIPRanges() []netip.Prefix
- func (ac *AccessControl) AllowedServiceTags() []string
- func (ac *AccessControl) IPV4Sources() []string
- func (ac *AccessControl) IPV6Sources() []string
- func (ac *AccessControl) IsAllowFromInternet() bool
- func (ac *AccessControl) SourceRanges() []netip.Prefix
Constants
const (
	IPv4AllowedAll = "0.0.0.0/0"
	IPv6AllowedAll = "::/0"
)
Variables
This section is empty.
Functions
func AllowedIPRanges
AllowedIPRanges returns the allowed IP ranges configured by the user through the AKS custom annotation.
func AllowedServiceTags
AllowedServiceTags returns the allowed service tags configured by the user through the AKS custom annotation.
func IsCIDRsAllowAll
IsCIDRsAllowAll returns true if the given IP ranges cover all IPs. It returns false if the given IP ranges are empty.
func IsExternal
IsExternal returns true if the given service is an external load balancer.
func IsInternal
IsInternal returns true if the given service is an internal load balancer.
Types
type AccessControl
type AccessControl struct {
// contains filtered or unexported fields
}
func NewAccessControl
func NewAccessControl(svc *v1.Service) (*AccessControl, error)
func (*AccessControl) AllowedIPRanges
func (ac *AccessControl) AllowedIPRanges() []netip.Prefix
AllowedIPRanges returns the allowed IP ranges configured by the user through the AKS custom annotation.
func (*AccessControl) AllowedServiceTags
func (ac *AccessControl) AllowedServiceTags() []string
AllowedServiceTags returns the allowed service tags configured by the user through the AKS custom annotation.
func (*AccessControl) IPV4Sources
func (ac *AccessControl) IPV4Sources() []string
IPV4Sources returns the allowed sources for IPv4.
func (*AccessControl) IPV6Sources
func (ac *AccessControl) IPV6Sources() []string
IPV6Sources returns the allowed sources for IPv6.
func (*AccessControl) IsAllowFromInternet
func (ac *AccessControl) IsAllowFromInternet() bool
IsAllowFromInternet returns true if the given service is allowed to be accessed from the internet. To be specific:
1. For all types of LB, it returns false if the given service is specified with `service tags` or `not allowed all IP ranges`.
2. For internal LB, it returns true iff the given service is explicitly specified with `allowed all IP ranges`.
Refer: https://github.com/kubernetes-sigs/cloud-provider-azure/issues/698
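The decision described above, written out as a standalone sketch. This is an added example, not the package's own code: the `policy` struct and the `coversAll` and `allowedFromInternet` functions are hypothetical names. It assumes that an external load balancer with no restriction configured is reachable from the internet, and that a range list covers all IPs when it contains a /0 prefix.

```go
package main

import (
	"fmt"
	"net/netip"
)

// policy is a hypothetical stand-in for what AccessControl reads from a Service.
type policy struct {
	internal     bool           // true for an internal load balancer
	serviceTags  []string       // allowed service tags
	sourceRanges []netip.Prefix // spec.loadBalancerSourceRanges / standard annotation
	allowedIPs   []netip.Prefix // AKS custom annotation
}

// coversAll follows the documented IsCIDRsAllowAll contract: false for an
// empty list. Assumption: "covers all IPs" means a /0 prefix is present.
func coversAll(cidrs []netip.Prefix) bool {
	for _, c := range cidrs {
		if c.Bits() == 0 {
			return true
		}
	}
	return false
}

// allowedFromInternet applies the two documented rules in order.
func allowedFromInternet(p policy) bool {
	restricted := func(c []netip.Prefix) bool { return len(c) > 0 && !coversAll(c) }
	// Rule 1: service tags or a narrower-than-all range closes any LB type.
	if len(p.serviceTags) > 0 || restricted(p.sourceRanges) || restricted(p.allowedIPs) {
		return false
	}
	// Rule 2: an internal LB is open only when allow-all was set explicitly.
	if p.internal {
		return coversAll(p.sourceRanges) || coversAll(p.allowedIPs)
	}
	return true // assumption: an unrestricted external LB is internet-facing
}

func main() {
	// Constructed inputs for illustration.
	all := []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0")}
	corp := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}
	fmt.Println("external, nothing set:", allowedFromInternet(policy{}))
	fmt.Println("internal, nothing set:", allowedFromInternet(policy{internal: true}))
	fmt.Println("internal, allow-all:", allowedFromInternet(policy{internal: true, sourceRanges: all}))
	fmt.Println("external, restricted:", allowedFromInternet(policy{sourceRanges: corp}))
}
```

The case worth checking in review is the internal load balancer with an explicit allow-all range, which is the only way an internal service is reported as open to the internet.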
func (*AccessControl) SourceRanges
func (ac *AccessControl) SourceRanges() []netip.Prefix
SourceRanges returns the allowed IP ranges configured by the user through `spec.LoadBalancerSourceRanges` and the standard annotation.