DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove localhost calls from external names

Browse source 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
This commit is contained in:
Ricardo Pchevuzinske Katz 2021-04-30 00:24:28 -03:00
parent 22ae0d3848
commit 0dceedfad7
6 changed files with 74 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/ingress/controller/endpoints.go
View file

@ -50,6 +50,12 @@ func getEndpoints(s *corev1.Service, port *corev1.ServicePort, proto corev1.Prot
// ExternalName services
if s.Spec.Type == corev1.ServiceTypeExternalName {
if ip := net.ParseIP(s.Spec.ExternalName); s.Spec.ExternalName == "localhost" ||
(ip != nil && ip.IsLoopback()) {
klog.Errorf("Invalid attempt to use localhost name %s in %q", s.Spec.ExternalName, svcKey)
return upsServers
}
klog.V(3).Infof("Ingress using Service %q of type ExternalName.", svcKey)
targetPort := port.TargetPort.IntValue()
// if the externalName is not an IP address we need to validate is a valid FQDN