mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

cmd/k8s-operator: validate that tailscale.com/tailnet-ip annotation value is a valid IP

Browse Source 
Fixes #13836
Signed-off-by: Nick Kirby <nrkirb@gmail.com>
This commit is contained in:
Nick Kirby
2024-10-26 13:03:36 +01:00
committed by GitHub
parent e815ae0ec4
commit 6ab39b7bcd
2 changed files with 150 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/k8s-operator/svc.go
View File

@ -358,9 +358,14 @@ func validateService(svc *corev1.Service) []string {
violations = append(violations, fmt.Sprintf("invalid value of annotation %s: %q does not appear to be a valid MagicDNS name", AnnotationTailnetTargetFQDN, fqdn))
}
}
// TODO(irbekrm): validate that tailscale.com/tailnet-ip annotation is a
// valid IP address (tailscale/tailscale#13671).
if ipStr := svc.Annotations[AnnotationTailnetTargetIP]; ipStr != "" {
ip, err := netip.ParseAddr(ipStr)
if err != nil {
violations = append(violations, fmt.Sprintf("invalid value of annotation %s: %q could not be parsed as a valid IP Address, error: %s", AnnotationTailnetTargetIP, ipStr, err))
} else if !ip.IsValid() {
violations = append(violations, fmt.Sprintf("parsed IP address in annotation %s: %q is not valid", AnnotationTailnetTargetIP, ipStr))
}
}
svcName := nameForService(svc)
if err := dnsname.ValidLabel(svcName); err != nil {