Documentation
Index
- type Config
- type Filter
- type RangeQuerier
- type Validator
- func (v *Validator) ClusterIPRanges(families ...v1core.IPFamily) []net.IPNet
- func (v *Validator) ExternalIPRanges(families ...v1core.IPFamily) []net.IPNet
- func (v *Validator) FilterExternalIPs(ips []string, svcName, svcNamespace string) []string
- func (v *Validator) FilterLoadBalancerIPs(ips []string, svcName, svcNamespace string) []string
- func (v *Validator) LoadBalancerIPRanges(families ...v1core.IPFamily) []net.IPNet
- func (v *Validator) LogStatus()
Types
type Config
type Config struct {
	ExternalIPCIDRs   []string
	LoadBalancerCIDRs []string
	ClusterIPCIDRs    []string
	StrictValidation  bool
	EnableIPv4        bool
	EnableIPv6        bool
}
Config holds the raw CIDR strings and feature flags needed to construct a Validator.
type Filter
type Filter interface {
	FilterExternalIPs(ips []string, svcName, svcNamespace string) []string
	FilterLoadBalancerIPs(ips []string, svcName, svcNamespace string) []string
}
Filter validates individual service IPs against configured CIDR ranges and strict mode settings.
type RangeQuerier
type RangeQuerier interface {
	ExternalIPRanges(families ...v1core.IPFamily) []net.IPNet
	LoadBalancerIPRanges(families ...v1core.IPFamily) []net.IPNet
	ClusterIPRanges(families ...v1core.IPFamily) []net.IPNet
}
RangeQuerier provides read access to parsed CIDR ranges, optionally filtered by IP family. Calling with no families returns all ranges. Calling with one or more families returns only ranges matching those families.
type Validator
type Validator struct {
	// contains filtered or unexported fields
}
Validator implements both RangeQuerier and Filter. It parses all CIDRs once at construction time, classifies them by IP family, and validates them against the enabled protocol configuration.
func NewValidator
NewValidator parses all CIDR strings, classifies them by IP family, and validates that each CIDR's family matches the enabled protocol configuration. It returns an error if any CIDR string is invalid, if a CIDR's family conflicts with the enabled protocols, or if the ClusterIP CIDR constraints are violated (the list must be non-empty and hold at most 2 CIDRs).
func (*Validator) ClusterIPRanges
ClusterIPRanges returns the parsed ClusterIP CIDR ranges, optionally filtered by IP family.
func (*Validator) ExternalIPRanges
ExternalIPRanges returns the parsed ExternalIP CIDR ranges, optionally filtered by IP family.
func (*Validator) FilterExternalIPs
FilterExternalIPs validates externalIPs against configured CIDR ranges and ClusterIP ranges. When strict mode is enabled and no ranges are configured, all IPs are rejected (default-deny). When strict mode is disabled, all IPs pass through unfiltered.
func (*Validator) FilterLoadBalancerIPs
FilterLoadBalancerIPs validates loadBalancerIPs against configured CIDR ranges and ClusterIP ranges. When strict mode is enabled and no ranges are configured, all IPs are rejected (default-deny). When strict mode is disabled, all IPs pass through unfiltered.
func (*Validator) LoadBalancerIPRanges
LoadBalancerIPRanges returns the parsed LoadBalancerIP CIDR ranges, optionally filtered by IP family.
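The strict-mode rules documented for FilterExternalIPs and FilterLoadBalancerIPs, as an added stand-alone sketch that is not this package's code. filterIPs and mustCIDRs are hypothetical helpers, the addresses are constructed samples, and the additional ClusterIP-range check is left out; dropping unparsable entries in strict mode is an assumption.

```go
package main

import (
	"fmt"
	"net"
)

// filterIPs is a hypothetical stand-in for the documented strict-mode
// behaviour; it is not the package's implementation.
func filterIPs(ips []string, allowed []net.IPNet, strict bool) []string {
	if !strict {
		return ips // strict mode off: everything passes through unfiltered
	}
	var kept []string
	for _, s := range ips {
		ip := net.ParseIP(s)
		if ip == nil {
			continue // assumption: unparsable entries are dropped in strict mode
		}
		for _, n := range allowed {
			if n.Contains(ip) {
				kept = append(kept, s)
				break
			}
		}
	}
	return kept // an empty allow-list keeps nothing: default-deny
}

// mustCIDRs parses constructed sample CIDRs and panics on a malformed one.
func mustCIDRs(cidrs ...string) []net.IPNet {
	var out []net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, *n)
	}
	return out
}

func main() {
	// Constructed service IPs: two in range, one out of range, one malformed.
	ips := []string{"203.0.113.10", "10.96.0.1", "2001:db8::5", "not-an-ip"}
	allowed := mustCIDRs("203.0.113.0/24", "2001:db8::/64")
	fmt.Println(filterIPs(ips, allowed, true))  // strict with ranges
	fmt.Println(filterIPs(ips, nil, true))      // strict, no ranges configured
	fmt.Println(filterIPs(ips, allowed, false)) // strict mode disabled
}
```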