Documentation
Index
- Constants
- func AllowedIPRanges(svc *v1.Service) ([]netip.Prefix, []string, error)
- func AllowedServiceTags(svc *v1.Service) ([]string, error)
- func IsCIDRsAllowAll(cidrs []netip.Prefix) bool
- func IsExternal(svc *v1.Service) bool
- func IsInternal(svc *v1.Service) bool
- func ParseCIDR(v string) (netip.Prefix, error)
- func SourceRanges(svc *v1.Service) ([]netip.Prefix, []string, error)
- type AccessControl
- func (ac *AccessControl) AllowedIPRanges() []netip.Prefix
- func (ac *AccessControl) AllowedServiceTags() []string
- func (ac *AccessControl) IPV4Sources() []string
- func (ac *AccessControl) IPV6Sources() []string
- func (ac *AccessControl) InvalidRanges() []string
- func (ac *AccessControl) IsAllowFromInternet() bool
- func (ac *AccessControl) SourceRanges() []netip.Prefix
Constants
const (
	IPv4AllowedAll = "0.0.0.0/0"
	IPv6AllowedAll = "::/0"
)
Functions
func AllowedIPRanges
AllowedIPRanges returns the allowed IP ranges configured by user through AKS custom annotations: service.beta.kubernetes.io/azure-allowed-ip-ranges and service.beta.kubernetes.io/load-balancer-source-ranges.
func AllowedServiceTags
AllowedServiceTags returns the allowed service tags configured by user through AKS custom annotation.
func IsCIDRsAllowAll
IsCIDRsAllowAll returns true if the given IP ranges cover all IPs. It returns false if the given IP ranges are empty.
func IsExternal
IsExternal returns true if the given service is an external load balancer.
func IsInternal
IsInternal returns true if the given service is an internal load balancer.
Types
type AccessControl
type AccessControl struct {
	// contains filtered or unexported fields
}
func NewAccessControl
func NewAccessControl(svc *v1.Service) (*AccessControl, error)
func (*AccessControl) AllowedIPRanges
func (ac *AccessControl) AllowedIPRanges() []netip.Prefix
AllowedIPRanges returns the allowed IP ranges configured by user through AKS custom annotation.
func (*AccessControl) AllowedServiceTags
func (ac *AccessControl) AllowedServiceTags() []string
AllowedServiceTags returns the allowed service tags configured by user through AKS custom annotation.
func (*AccessControl) IPV4Sources
func (ac *AccessControl) IPV4Sources() []string
IPV4Sources returns the allowed sources for IPv4.
func (*AccessControl) IPV6Sources
func (ac *AccessControl) IPV6Sources() []string
IPV6Sources returns the allowed sources for IPv6.
func (*AccessControl) InvalidRanges (added in v1.26.22)
func (ac *AccessControl) InvalidRanges() []string
InvalidRanges returns the invalid IP ranges provided by user in sourceRanges and allowedIPRanges.
func (*AccessControl) IsAllowFromInternet
func (ac *AccessControl) IsAllowFromInternet() bool
IsAllowFromInternet returns true if the given service is allowed to be accessed from the internet. Specifically:
1. For all types of LB, it returns false if the given service is specified with `service tags` or `not allowed all IP ranges`, including invalid IP ranges.
2. For internal LB, it returns true if and only if the given service is explicitly specified with `allowed all IP ranges`.
Refer: https://github.com/kubernetes-sigs/cloud-provider-azure/issues/698
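The two rules above, sketched as an added example using only the standard library; this is not the package's own code. The helper name `allowFromInternet`, its parameters, the merging of all ranges into one slice, and the treatment of a zero-length prefix as "allow all" are assumptions, and the inputs in `main` are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// allowFromInternet is a hypothetical helper sketching the documented rules;
// it is not the package's implementation. ranges holds the raw CIDR strings
// from the source ranges and allowed IP ranges combined (an assumption).
func allowFromInternet(internal bool, tags, ranges []string) (bool, []string) {
	var invalid []string
	valid, allowAll := 0, false
	for _, r := range ranges {
		p, err := netip.ParsePrefix(r)
		if err != nil {
			invalid = append(invalid, r)
			continue
		}
		valid++
		// Assumption: a zero-length prefix (0.0.0.0/0 or ::/0) means "allow all".
		if p.Bits() == 0 {
			allowAll = true
		}
	}
	switch {
	case len(tags) > 0: // rule 1: service tags restrict access
		return false, invalid
	case len(invalid) > 0: // rule 1: invalid ranges count as a restriction
		return false, invalid
	case valid > 0 && !allowAll: // rule 1: ranges that do not allow all
		return false, invalid
	case internal: // rule 2: internal LB needs an explicit allow-all
		return allowAll, invalid
	}
	return true, invalid // external LB with no restriction configured
}

func main() {
	// Constructed sample inputs: (internal, service tags, CIDR strings).
	fmt.Println(allowFromInternet(false, nil, nil))
	fmt.Println(allowFromInternet(true, nil, nil))
	fmt.Println(allowFromInternet(true, nil, []string{"0.0.0.0/0"}))
	fmt.Println(allowFromInternet(false, nil, []string{"0.0.0.0/0", "not-a-cidr"}))
}
```

A typo in one range makes the whole service non-internet-facing under rule 1, so the invalid entries are returned alongside the verdict for reporting.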
func (*AccessControl) SourceRanges
func (ac *AccessControl) SourceRanges() []netip.Prefix
SourceRanges returns the allowed IP ranges configured by user through `spec.LoadBalancerSourceRanges` and standard annotation.