homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disable ExternalName Services by default on Kubernetes providers

Browse source
This commit is contained in:
Daniel Tomcej 2021-07-13 04:54:09 -06:00 committed by GitHub
parent 10ab39c33b
commit 3c1ed0d9b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 637 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pkg/provider/kubernetes/crd/kubernetes_tcp.go
View file

@ -135,7 +135,7 @@ func (p *Provider) createLoadBalancerServerTCP(client Client, parentNamespace st
ns = service.Namespace
}
servers, err := loadTCPServers(client, ns, service)
servers, err := p.loadTCPServers(client, ns, service)
if err != nil {
return nil, err
}
@ -162,7 +162,7 @@ func (p *Provider) createLoadBalancerServerTCP(client Client, parentNamespace st
return tcpService, nil
}
func loadTCPServers(client Client, namespace string, svc v1alpha1.ServiceTCP) ([]dynamic.TCPServer, error) {
func (p *Provider) loadTCPServers(client Client, namespace string, svc v1alpha1.ServiceTCP) ([]dynamic.TCPServer, error) {
service, exists, err := client.GetService(namespace, svc.Name)
if err != nil {
return nil, err
@ -172,6 +172,10 @@ func loadTCPServers(client Client, namespace string, svc v1alpha1.ServiceTCP) ([
return nil, errors.New("service not found")
}
if service.Spec.Type == corev1.ServiceTypeExternalName && !p.AllowExternalNameServices {
return nil, fmt.Errorf("externalName services not allowed: %s/%s", namespace, svc.Name)
}
svcPort, err := getServicePort(service, svc.Port)
if err != nil {
return nil, err