k8s.io/kubernetes@v1.29.3/pkg/api/v1/service/util.go (about)

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package service
    18  
    19  import (
    20  	"fmt"
    21  	"strings"
    22  
    23  	v1 "k8s.io/api/core/v1"
    24  	utilnet "k8s.io/utils/net"
    25  )
    26  
// defaultLoadBalancerSourceRanges is the source-range list used when a
// service sets neither Spec.LoadBalancerSourceRanges nor the source-ranges
// annotation. The value admits every IPv4 source, so the default is
// unrestricted rather than deny-all.
const defaultLoadBalancerSourceRanges = "0.0.0.0/0"
    30  
// IsAllowAll reports whether ipnets contains the IPv4 allow-all range
// 0.0.0.0/0.
//
// The check is a plain string comparison against each entry returned by
// ipnets.StringSlice(), so only a member that renders exactly as "0.0.0.0/0"
// matches. The IPv6 equivalent "::/0" does not match, nor does a set that
// covers the whole address space with several narrower ranges. A false
// result therefore does not prove that the set is restrictive.
func IsAllowAll(ipnets utilnet.IPNetSet) bool {
	cidrs := ipnets.StringSlice()
	for i := range cidrs {
		if cidrs[i] != "0.0.0.0/0" {
			continue
		}
		return true
	}
	return false
}
    40  
// GetLoadBalancerSourceRanges returns the set of source CIDRs allowed to reach
// the service's load balancer.
//
// Precedence:
//  1. If service.Spec.LoadBalancerSourceRanges has at least one entry, it is
//     parsed and returned; the annotation is not read at all.
//  2. Otherwise the v1.AnnotationLoadBalancerSourceRangesKey annotation is
//     trimmed, split on commas and parsed.
//  3. If that annotation is missing, empty or whitespace-only, the result is
//     parsed from defaultLoadBalancerSourceRanges, i.e. allow-all.
//
// Because step 3 is permissive, a service that never states its source ranges
// is treated as open to every IPv4 source.
//
// On a parse failure the returned set is nil and the error names the offending
// input. Callers should fail closed on error instead of reading the nil set as
// "no restriction". The annotation branch's message does not include the
// parser's own error text; the spec branch's message does.
//
// service must be non-nil; it is dereferenced without a check.
func GetLoadBalancerSourceRanges(service *v1.Service) (utilnet.IPNetSet, error) {
	// The spec field wins: when it has entries the annotation is ignored.
	if specs := service.Spec.LoadBalancerSourceRanges; len(specs) > 0 {
		parsed, err := utilnet.ParseIPNets(specs...)
		if err != nil {
			return nil, fmt.Errorf("service.Spec.LoadBalancerSourceRanges: %v is not valid. Expecting a list of IP ranges. For example, 10.0.0.0/24. Error msg: %v", specs, err)
		}
		return parsed, nil
	}

	// A missing key yields "", which is handled the same as an empty value.
	val := strings.TrimSpace(service.Annotations[v1.AnnotationLoadBalancerSourceRangesKey])
	if val == "" {
		// Nothing configured anywhere: fall back to the allow-all default.
		val = defaultLoadBalancerSourceRanges
	}

	parsed, err := utilnet.ParseIPNets(strings.Split(val, ",")...)
	if err != nil {
		return nil, fmt.Errorf("%s: %s is not valid. Expecting a comma-separated list of source IP ranges. For example, 10.0.0.0/24,192.168.2.0/24", v1.AnnotationLoadBalancerSourceRangesKey, val)
	}
	return parsed, nil
}
    69  
// ExternallyAccessible reports whether the service can be reached from
// outside the cluster, judged only from its spec:
//
//   - Type LoadBalancer or NodePort: always true.
//   - Type ClusterIP: true only when Spec.ExternalIPs is non-empty.
//   - Any other Type value, including an empty one: false.
//
// Spec.Type is compared as-is, so this presumably expects an object whose
// Type has already been defaulted (TODO confirm against callers).
// service must be non-nil.
func ExternallyAccessible(service *v1.Service) bool {
	switch service.Spec.Type {
	case v1.ServiceTypeLoadBalancer, v1.ServiceTypeNodePort:
		return true
	case v1.ServiceTypeClusterIP:
		// A ClusterIP service is exposed only through explicit external IPs.
		return len(service.Spec.ExternalIPs) > 0
	default:
		return false
	}
}
    76  
// ExternalPolicyLocal reports whether the service is externally accessible
// (per ExternallyAccessible) and has Spec.ExternalTrafficPolicy set to Local.
//
// The policy field is ignored for services that are not externally
// accessible: they always yield false, whatever the field holds.
func ExternalPolicyLocal(service *v1.Service) bool {
	return ExternallyAccessible(service) &&
		service.Spec.ExternalTrafficPolicy == v1.ServiceExternalTrafficPolicyLocal
}
    84  
// InternalPolicyLocal reports whether Spec.InternalTrafficPolicy is set to
// Local. An unset (nil) policy yields false.
func InternalPolicyLocal(service *v1.Service) bool {
	itp := service.Spec.InternalTrafficPolicy
	// Check for nil before dereferencing: the field is an optional pointer.
	return itp != nil && *itp == v1.ServiceInternalTrafficPolicyLocal
}
    92  
// NeedsHealthCheck reports whether the service needs a health check, which
// this function defines as: Type is LoadBalancer and ExternalPolicyLocal
// holds. NodePort and ClusterIP services yield false even with
// ExternalTrafficPolicy set to Local.
func NeedsHealthCheck(service *v1.Service) bool {
	return service.Spec.Type == v1.ServiceTypeLoadBalancer && ExternalPolicyLocal(service)
}