diff --git a/pkg/k8s/service.go b/pkg/k8s/service.go index 2a26198e2f888..a2b7f338a9390 100644 --- a/pkg/k8s/service.go +++ b/pkg/k8s/service.go @@ -22,6 +22,7 @@ import ( "time" "github.com/cilium/cilium/pkg/annotation" + "github.com/cilium/cilium/pkg/cidr" "github.com/cilium/cilium/pkg/comparator" "github.com/cilium/cilium/pkg/datapath" slim_corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/core/v1" @@ -107,7 +108,8 @@ func ParseService(svc *slim_corev1.Service, nodeAddressing datapath.NodeAddressi } } - svcInfo := NewService(clusterIP, svc.Spec.ExternalIPs, loadBalancerIPs, headless, + svcInfo := NewService(clusterIP, svc.Spec.ExternalIPs, + loadBalancerIPs, svc.Spec.LoadBalancerSourceRanges, headless, trafficPolicy, uint16(svc.Spec.HealthCheckNodePort), svc.Labels, svc.Spec.Selector) svcInfo.IncludeExternal = getAnnotationIncludeExternal(svc) svcInfo.Shared = getAnnotationShared(svc) @@ -243,10 +245,13 @@ type Service struct { // K8sExternalIPs stores mapping of the endpoint in a string format to the // externalIP in net.IP format. K8sExternalIPs map[string]net.IP + // LoadBalancerIPs stores LB IPs assigned to the service (string(IP) => IP). - LoadBalancerIPs map[string]net.IP - Labels map[string]string - Selector map[string]string + LoadBalancerIPs map[string]net.IP + LoadBalancerSourceRanges []*cidr.CIDR + + Labels map[string]string + Selector map[string]string // SessionAffinity denotes whether service has the clientIP session affinity SessionAffinity bool 
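Review bot: The new `LoadBalancerSourceRanges []*cidr.CIDR` field in the `Service` struct hunk has no doc comment, and the existing "LoadBalancerIPs stores LB IPs…" comment above it describes only the first field of the group. I would add something like `// LoadBalancerSourceRanges holds the client CIDRs parsed from the service's spec.loadBalancerSourceRanges.` The comment should also say what an empty slice means for enforcement and whether entries may be nil, because consumers will treat the field as an allow-list. The struct body continues outside the hunk, so if `Service` has an equality helper elsewhere in the file, check that it compares the new field.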
@@ -366,12 +371,21 @@ func parseIPs(externalIPs []string) map[string]net.IP { } // NewService returns a new Service with the Ports map initialized. -func NewService(ip net.IP, externalIPs []string, loadBalancerIPs []string, +func NewService(ip net.IP, externalIPs []string, + loadBalancerIPs []string, loadBalancerSourceRanges []string, headless bool, trafficPolicy loadbalancer.SVCTrafficPolicy, healthCheckNodePort uint16, labels, selector map[string]string) *Service { - var k8sExternalIPs map[string]net.IP - var k8sLoadBalancerIPs map[string]net.IP + var ( + k8sExternalIPs map[string]net.IP + k8sLoadBalancerIPs map[string]net.IP + ) + loadBalancerSourceCIDRs := make([]*cidr.CIDR, 0, len(loadBalancerSourceRanges)) + + for _, cidrString := range loadBalancerSourceRanges { + cidr, _ := cidr.ParseCIDR(cidrString) + loadBalancerSourceCIDRs = append(loadBalancerSourceCIDRs, cidr) + } if option.Config.EnableNodePort { k8sExternalIPs = parseIPs(externalIPs) @@ -385,10 +399,11 @@ func NewService(ip net.IP, externalIPs []string, loadBalancerIPs []string, TrafficPolicy: trafficPolicy, HealthCheckNodePort: healthCheckNodePort, - Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, - NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, - K8sExternalIPs: k8sExternalIPs, - LoadBalancerIPs: k8sLoadBalancerIPs, + Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, + NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + K8sExternalIPs: k8sExternalIPs, + LoadBalancerIPs: k8sLoadBalancerIPs, + LoadBalancerSourceRanges: loadBalancerSourceCIDRs, Labels: labels, Selector: selector, diff --git a/pkg/k8s/service_test.go b/pkg/k8s/service_test.go index 56f43b555cc32..5210d72c308d6 100644 --- a/pkg/k8s/service_test.go +++ b/pkg/k8s/service_test.go 
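Review bot: The parse error is discarded in the new loop in `NewService` (`cidr, _ := cidr.ParseCIDR(cidrString)`), so a malformed entry in the service's source ranges is still appended, presumably as a nil `*cidr.CIDR` that later consumers of this allow-list would have to guard against. I would keep the error, `parsed, err := cidr.ParseCIDR(cidrString)`, and skip and report the entry with `if err != nil { continue }` plus a log line instead of storing it. It is also worth deciding explicitly what a service whose ranges all fail to parse should mean, since an empty list may be read downstream as "no restriction". The local variable `cidr` also shadows the imported `cidr` package inside the loop body, and a different name avoids that. The body of `NewService` continues outside this hunk.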
@@ -106,12 +106,13 @@ func (s *K8sSuite) TestParseService(c *check.C) { id, svc := ParseService(k8sSvc, fakeDatapath.NewNodeAddressing()) c.Assert(id, checker.DeepEquals, ServiceID{Namespace: "bar", Name: "foo"}) c.Assert(svc, checker.DeepEquals, &Service{ - TrafficPolicy: loadbalancer.SVCTrafficPolicyCluster, - FrontendIP: net.ParseIP("127.0.0.1"), - Selector: map[string]string{"foo": "bar"}, - Labels: map[string]string{"foo": "bar"}, - Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, - NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + TrafficPolicy: loadbalancer.SVCTrafficPolicyCluster, + FrontendIP: net.ParseIP("127.0.0.1"), + Selector: map[string]string{"foo": "bar"}, + Labels: map[string]string{"foo": "bar"}, + Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, + NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + LoadBalancerSourceRanges: []*net.IPNet{}, }) k8sSvc = &slim_corev1.Service{ @@ -131,11 +132,12 @@ func (s *K8sSuite) TestParseService(c *check.C) { id, svc = ParseService(k8sSvc, fakeDatapath.NewNodeAddressing()) c.Assert(id, checker.DeepEquals, ServiceID{Namespace: "bar", Name: "foo"}) c.Assert(svc, checker.DeepEquals, &Service{ - IsHeadless: true, - TrafficPolicy: loadbalancer.SVCTrafficPolicyCluster, - Labels: map[string]string{"foo": "bar"}, - Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, - NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + IsHeadless: true, + TrafficPolicy: loadbalancer.SVCTrafficPolicyCluster, + Labels: map[string]string{"foo": "bar"}, + Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, + NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + LoadBalancerSourceRanges: []*net.IPNet{}, }) k8sSvc = &slim_corev1.Service{ 
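Review bot: The expected value `LoadBalancerSourceRanges: []*net.IPNet{}` in `TestParseService` does not match the field type declared in service.go in this same diff, `[]*cidr.CIDR`, so as shown this literal should not compile. The same line appears in the second hunk of this file and in the one at -156. I would write `LoadBalancerSourceRanges: []*cidr.CIDR{},` in all three, which needs the `cidr` import in the test file if it is not already there (the imports are not visible here). All three expectations cover only the empty case, so a case with one valid range and one malformed range would pin down how parse failures are handled.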
@@ -156,11 +158,12 @@ func (s *K8sSuite) TestParseService(c *check.C) { id, svc = ParseService(k8sSvc, fakeDatapath.NewNodeAddressing()) c.Assert(id, checker.DeepEquals, ServiceID{Namespace: "bar", Name: "foo"}) c.Assert(svc, checker.DeepEquals, &Service{ - FrontendIP: net.ParseIP("127.0.0.1"), - TrafficPolicy: loadbalancer.SVCTrafficPolicyLocal, - Labels: map[string]string{"foo": "bar"}, - Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, - NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + FrontendIP: net.ParseIP("127.0.0.1"), + TrafficPolicy: loadbalancer.SVCTrafficPolicyLocal, + Labels: map[string]string{"foo": "bar"}, + Ports: map[loadbalancer.FEPortName]*loadbalancer.L4Addr{}, + NodePorts: map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID{}, + LoadBalancerSourceRanges: []*net.IPNet{}, }) } diff --git a/pkg/k8s/slim/k8s/apis/core/v1/generated.pb.go b/pkg/k8s/slim/k8s/apis/core/v1/generated.pb.go index ee905fa956838..532e4c77ba317 100644 --- a/pkg/k8s/slim/k8s/apis/core/v1/generated.pb.go +++ b/pkg/k8s/slim/k8s/apis/core/v1/generated.pb.go 
@@ -1039,130 +1039,132 @@ func init() { } var fileDescriptor_c927eaf0f0a6ae1f = []byte{ - // 1955 bytes of a gzipped FileDescriptorProto + // 1986 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0xcd, 0x6f, 0x23, 0x49, - 0x15, 0x4f, 0xdb, 0x71, 0x6c, 0x3f, 0x27, 0xce, 0x4e, 0x65, 0x82, 0x7a, 0x03, 0xeb, 0x44, 0x3d, - 0x12, 0x0a, 0x68, 0xb1, 0x95, 0x41, 0xbb, 0x1a, 0xed, 0x2c, 0xec, 0xc6, 0x9e, 0x0c, 0xe3, 0xdd, - 0xc9, 0x60, 0xca, 0xd1, 0x22, 0x71, 0xa2, 0xd3, 0x2e, 0xdb, 0x3d, 0x71, 0x7f, 0xd0, 0x55, 0xce, - 0x6e, 0x0e, 0x68, 0x01, 0x21, 0xd0, 0x48, 0x1c, 0xf6, 0xc4, 0x91, 0x2b, 0x7f, 0x03, 0x87, 0xbd, - 0xc2, 0x88, 0xd3, 0x4a, 0x5c, 0x56, 0x42, 0x44, 0x4c, 0xf6, 0xc0, 0x89, 0x0b, 0x12, 0x97, 0x39, - 0x20, 0x54, 0xd5, 0x55, 0xfd, 0xe1, 0xd8, 0xd9, 0xc4, 0x1d, 0x29, 0xda, 0x93, 0xab, 0xde, 0x7b, - 0xf5, 0x7e, 0xf5, 0x9e, 0xdf, 0x7b, 0x55, 0xf5, 0x1a, 0x1e, 0x0e, 0x6c, 0x36, 0x1c, 0x1f, 0xd6, - 0x2d, 0xcf, 0x69, 0x58, 0xf6, 0xc8, 0x1e, 0x47, 0x3f, 0xfe, 0xd1, 0xa0, 0x71, 0x74, 0x8f, 0x36, - 0xe8, 0xc8, 0x76, 0xc4, 0xc0, 0xf4, 0x6d, 0xda, 0xb0, 0xbc, 0x80, 0x34, 0x8e, 0x77, 0x1a, 0x03, - 0xe2, 0x92, 0xc0, 0x64, 0xa4, 0x57, 0xf7, 0x03, 0x8f, 0x79, 0xe8, 0xcd, 0x58, 0x4f, 0x3d, 0x54, - 0xa0, 0x7e, 0xfc, 0xa3, 0x41, 0xfd, 0xe8, 0x1e, 0xad, 0x73, 0x3d, 0x62, 0xc0, 0xf5, 0xd4, 0xb9, - 0x9e, 0xfa, 0xf1, 0xce, 0xc6, 0x55, 0xf1, 0x1d, 0xc2, 0xcc, 0x29, 0xf8, 0x1b, 0xdf, 0x49, 0xe8, - 0x19, 0x78, 0x03, 0xaf, 0x21, 0xc8, 0x87, 0xe3, 0xbe, 0x98, 0x89, 0x89, 0x18, 0x49, 0x71, 0xae, - 0xb0, 0x6e, 0x7b, 0x5c, 0xa7, 0x63, 0x5a, 0x43, 0xdb, 0x25, 0xc1, 0x89, 0x40, 0x0c, 0xc6, 0x2e, - 0xb3, 0x1d, 0x72, 0x4e, 0xff, 0x9b, 0x5f, 0xb6, 0x80, 0x5a, 0x43, 0xe2, 0x98, 0x93, 0xeb, 0x8c, - 0xc7, 0x50, 0x6d, 0x8d, 0x6c, 0xe2, 0xb2, 0x76, 0xa7, 0xe5, 0xb9, 0x7d, 0x7b, 0x80, 0xde, 0x82, - 0x2a, 0x5f, 0xe0, 0x8d, 0x59, 0x97, 0x58, 0x9e, 0xdb, 0xa3, 0xba, 0xb6, 0xa5, 0x6d, 0x17, 0x9a, - 0xe8, 0xec, 0x74, 0xb3, 0x7a, 0x90, 0xe2, 0xe0, 
0x09, 0x49, 0xe3, 0xd3, 0x1c, 0x94, 0x5b, 0x9e, - 0xcb, 0x4c, 0x8e, 0x8f, 0xb6, 0x60, 0xd1, 0x35, 0x1d, 0x22, 0xd6, 0x97, 0x9b, 0xcb, 0xcf, 0x4f, - 0x37, 0x17, 0xce, 0x4e, 0x37, 0x17, 0x9f, 0x98, 0x0e, 0xc1, 0x82, 0x83, 0xee, 0x40, 0xc1, 0x76, - 0xcc, 0x01, 0xd1, 0x73, 0x42, 0x64, 0x45, 0x8a, 0x14, 0xda, 0x9c, 0x88, 0x43, 0x1e, 0x7a, 0x0a, - 0x05, 0xdf, 0x0b, 0x18, 0xd5, 0x97, 0xb6, 0xf2, 0xdb, 0x95, 0xbb, 0x7b, 0xf5, 0xf9, 0xfe, 0xca, - 0x7a, 0xb4, 0xb1, 0x8e, 0x17, 0xb0, 0x18, 0x8b, 0xcf, 0x28, 0x0e, 0x21, 0xd0, 0xcf, 0x61, 0xf9, - 0xd8, 0x1b, 0x8d, 0x1d, 0xb2, 0xef, 0x8d, 0x5d, 0x46, 0xf5, 0xb2, 0x80, 0x6c, 0xcd, 0x0b, 0xf9, - 0x41, 0xac, 0xab, 0x79, 0x5b, 0x02, 0x2e, 0x27, 0x88, 0x14, 0xa7, 0xe0, 0x8c, 0xff, 0x69, 0xb0, - 0x92, 0xda, 0xe6, 0x25, 0x7c, 0xf8, 0x3a, 0x94, 0x86, 0x1e, 0x65, 0x5c, 0x5a, 0xb8, 0xb1, 0xd0, - 0x7c, 0x45, 0x4a, 0x95, 0x1e, 0x49, 0x3a, 0x8e, 0x24, 0xd0, 0x7d, 0x58, 0xb1, 0x92, 0x00, 0x7a, - 0x5e, 0x2c, 0x59, 0x97, 0x4b, 0xd2, 0xe8, 0x38, 0x2d, 0x8b, 0xee, 0x41, 0x49, 0x44, 0x8d, 0xe5, - 0x8d, 0xf4, 0x45, 0xb1, 0xa1, 0x6f, 0x28, 0xa8, 0x8e, 0xa4, 0xbf, 0x4c, 0x8c, 0x71, 0x24, 0x8d, - 0xbe, 0x09, 0x4b, 0x7c, 0x0b, 0xed, 0x8e, 0x5e, 0x10, 0xeb, 0xaa, 0x72, 0xdd, 0xd2, 0x23, 0x41, - 0xc5, 0x92, 0x6b, 0xfc, 0x46, 0x83, 0x6a, 0xb4, 0x85, 0x2e, 0x33, 0x19, 0x41, 0x0c, 0x8a, 0xc1, - 0xd8, 0x75, 0x6d, 0x77, 0x20, 0xcc, 0xab, 0xdc, 0xdd, 0xcf, 0x1c, 0x00, 0x42, 0x31, 0x0e, 0x95, - 0x36, 0x2b, 0x67, 0xa7, 0x9b, 0x45, 0x39, 0xc1, 0x0a, 0x8a, 0x6f, 0x64, 0x7d, 0xaa, 0x3c, 0x72, - 0xa0, 0x4c, 0x99, 0x19, 0x30, 0xd2, 0xdb, 0x65, 0xe2, 0x6f, 0xa9, 0xdc, 0x7d, 0xfb, 0xaa, 0x3b, - 0xe2, 0x55, 0x82, 0xef, 0x88, 0xa7, 0x53, 0xf3, 0x96, 0xf4, 0x45, 0xb9, 0xab, 0xd4, 0xe2, 0x18, - 0xc1, 0xf8, 0x63, 0x0e, 0x56, 0x53, 0x1b, 0x19, 0xd3, 0x4b, 0x04, 0xc5, 0x11, 0x14, 0x28, 0xdf, - 0xb4, 0x74, 0xd9, 0xc3, 0xeb, 0x71, 0x59, 0x9c, 0x34, 0xa1, 0x47, 0x42, 0x8c, 0x38, 0x8b, 0x97, - 0x2e, 0xc8, 0xe2, 0x6f, 0x41, 0x51, 0x0c, 0xda, 0x0f, 0xf4, 0xa2, 0x10, 0x5b, 0x95, 
0x62, 0xc5, - 0x76, 0x48, 0xc6, 0x8a, 0x8f, 0xde, 0x80, 0x4a, 0x14, 0x77, 0xed, 0x07, 0x7a, 0x49, 0x88, 0xaf, - 0x49, 0xf1, 0x4a, 0x2b, 0x66, 0xe1, 0xa4, 0x9c, 0xf1, 0x63, 0x58, 0xdd, 0x73, 0x7b, 0xbe, 0x67, - 0xbb, 0x6c, 0xb7, 0xd7, 0x0b, 0x08, 0xa5, 0x68, 0x03, 0x72, 0xb6, 0x2f, 0xdd, 0x04, 0x52, 0x41, - 0xae, 0xdd, 0xc1, 0x39, 0xdb, 0x47, 0xdb, 0x50, 0x72, 0xbd, 0x1e, 0xe1, 0x4e, 0x93, 0xc1, 0xbc, - 0xcc, 0x03, 0xf9, 0x89, 0xa4, 0xe1, 0x88, 0x6b, 0xfc, 0x4e, 0x83, 0x65, 0xa5, 0xf9, 0x92, 0x49, - 0xb9, 0x05, 0x8b, 0x7e, 0x9c, 0x90, 0x91, 0x84, 0x48, 0x2a, 0xc1, 0x49, 0xe5, 0x52, 0xfe, 0x2a, - 0xb9, 0x64, 0xfc, 0x57, 0x83, 0xaa, 0xda, 0x4e, 0x77, 0x7c, 0x48, 0x09, 0x43, 0x1f, 0x41, 0xd9, - 0x0c, 0x4d, 0x26, 0xbc, 0x5c, 0xf3, 0x9a, 0xf5, 0x83, 0x79, 0xff, 0xf2, 0x09, 0x1f, 0xc6, 0xe1, - 0xb9, 0xab, 0x10, 0x70, 0x0c, 0x86, 0x6c, 0x55, 0x9c, 0xf3, 0x02, 0xf5, 0x41, 0x56, 0xd4, 0xd9, - 0xb5, 0xd9, 0xf8, 0x8f, 0x06, 0x65, 0x25, 0x46, 0x51, 0x00, 0x25, 0x9e, 0x45, 0x3d, 0x93, 0x99, - 0x32, 0x0b, 0x9b, 0xf3, 0x66, 0xe1, 0x0f, 0x0f, 0x9f, 0x12, 0x8b, 0xed, 0x13, 0x66, 0x36, 0x91, - 0x44, 0x86, 0x98, 0x86, 0x23, 0x1c, 0xf4, 0x33, 0x28, 0x52, 0xe1, 0x70, 0xaa, 0xe7, 0x84, 0xb9, - 0x0f, 0xb3, 0x9a, 0x1b, 0xfe, 0x7f, 0x71, 0x2e, 0x84, 0x73, 0x8a, 0x15, 0x8e, 0xf1, 0x2f, 0x0d, - 0x56, 0x22, 0xa3, 0x1f, 0xdb, 0x94, 0x21, 0xf7, 0x9c, 0xe1, 0xef, 0xce, 0x6b, 0x38, 0xd7, 0x27, - 0xcc, 0x8e, 0x4e, 0x0c, 0x45, 0x49, 0x18, 0xdd, 0x87, 0x82, 0xcd, 0x88, 0xa3, 0x4c, 0xde, 0xcd, - 0x6a, 0x32, 0x4d, 0x14, 0x08, 0xae, 0x17, 0x87, 0xea, 0x8d, 0x67, 0x1a, 0xac, 0xed, 0xf9, 0x43, - 0xe2, 0x90, 0xc0, 0x1c, 0x45, 0x49, 0x7e, 0x23, 0x7f, 0xb4, 0xb1, 0x03, 0x6b, 0x8f, 0x3d, 0xb3, - 0xd7, 0x34, 0x47, 0xa6, 0x6b, 0x91, 0xa0, 0xed, 0x0e, 0xbe, 0xac, 0x9c, 0xf0, 0x22, 0x81, 0x92, - 0x6b, 0x64, 0xa9, 0x3e, 0x86, 0xa2, 0x1d, 0xae, 0x96, 0x79, 0xf9, 0xfe, 0xbc, 0xfe, 0x9b, 0xb2, - 0xa1, 0x44, 0x0d, 0x0d, 0x09, 0x58, 0x81, 0x19, 0x1f, 0x43, 0x99, 0x97, 0x23, 0xea, 0x9b, 0x16, - 0xb9, 0x11, 0x17, 0xf2, 
0xc0, 0x8d, 0x76, 0xf0, 0x95, 0x0e, 0xdc, 0xc8, 0x8a, 0x19, 0x81, 0xfb, - 0xd7, 0x1c, 0x2c, 0xf2, 0x53, 0xe3, 0x46, 0x4a, 0xd2, 0x21, 0x2c, 0x52, 0x9f, 0x58, 0xf2, 0x9c, - 0x7f, 0x77, 0x6e, 0x1b, 0xbd, 0x1e, 0xe9, 0xfa, 0xc4, 0x8a, 0x8f, 0x2a, 0x3e, 0xc3, 0x42, 0x37, - 0x7a, 0x0a, 0x4b, 0x54, 0x44, 0xb3, 0x38, 0xa8, 0xe6, 0xb0, 0x2a, 0x85, 0x22, 0x34, 0xc5, 0x17, - 0xc0, 0x70, 0x8e, 0x25, 0x82, 0xe1, 0x40, 0x85, 0x4b, 0xa9, 0x03, 0xfc, 0xbb, 0xb0, 0xc8, 0x4e, - 0x7c, 0x75, 0xd2, 0x6e, 0xaa, 0xcd, 0x1d, 0x9c, 0xf8, 0xe4, 0xe5, 0xe9, 0xe6, 0x6a, 0x42, 0x94, - 0x93, 0xb0, 0x10, 0xe6, 0x57, 0x0d, 0x79, 0x40, 0xc9, 0x77, 0x45, 0x94, 0x26, 0x52, 0x16, 0x2b, - 0xbe, 0xf1, 0x0f, 0x0d, 0xc4, 0x89, 0x7f, 0x23, 0x01, 0x6a, 0xa6, 0x03, 0xf4, 0xed, 0x2c, 0x6e, - 0x9d, 0x11, 0x9b, 0x7f, 0x96, 0xf6, 0xf1, 0x7f, 0x93, 0xfb, 0xc5, 0xf7, 0x7a, 0xad, 0xf6, 0x03, - 0x2c, 0xfd, 0x19, 0xf9, 0xa5, 0x13, 0x92, 0xb1, 0xe2, 0xf3, 0xcb, 0x91, 0x1c, 0x52, 0xbd, 0xb8, - 0x95, 0x57, 0x97, 0x23, 0x29, 0x47, 0x71, 0xc4, 0x45, 0x04, 0x96, 0x78, 0xa5, 0x66, 0x54, 0x2f, - 0x08, 0x2b, 0xbe, 0x37, 0xaf, 0x15, 0x07, 0x5c, 0x4b, 0x1c, 0x17, 0x62, 0x4a, 0xb1, 0x54, 0x6e, - 0xfc, 0x4a, 0x03, 0x88, 0xc3, 0x07, 0xb1, 0xe4, 0x85, 0xa7, 0x90, 0xed, 0x91, 0x96, 0x08, 0xa2, - 0x8b, 0x2f, 0x3b, 0xc6, 0x5f, 0x72, 0x90, 0xef, 0x78, 0xbd, 0x1b, 0x49, 0x74, 0x33, 0x95, 0xe8, - 0xef, 0xcc, 0x6b, 0x6c, 0xc7, 0xeb, 0xcd, 0xcc, 0x73, 0x7b, 0x22, 0xcf, 0x77, 0xb3, 0x80, 0x5c, - 0x9c, 0xe6, 0x77, 0xa0, 0xd0, 0xf1, 0x7a, 0xed, 0xce, 0x85, 0x47, 0xea, 0xdf, 0x35, 0xe0, 0x91, - 0x79, 0x23, 0xb9, 0xf9, 0xd3, 0x74, 0x6e, 0xde, 0xcf, 0xe0, 0x8a, 0x19, 0xa9, 0xf9, 0xdb, 0xbc, - 0xb0, 0x4e, 0x64, 0xe6, 0x2f, 0x35, 0xa8, 0xda, 0xae, 0xcd, 0xe2, 0x6b, 0x8f, 0x7e, 0x3b, 0xdb, - 0xa1, 0x15, 0x69, 0x6a, 0x7e, 0x4d, 0xa2, 0x57, 0xdb, 0x29, 0x00, 0x3c, 0x01, 0x88, 0xc6, 0x00, - 0x56, 0x0c, 0x9f, 0xbb, 0x2e, 0xf8, 0x28, 0xaa, 0x13, 0xd0, 0x09, 0x20, 0xf4, 0x1e, 0x20, 0x4a, - 0x82, 0x63, 0xdb, 0x22, 0xbb, 0x96, 0xe5, 0x8d, 0x5d, 0x26, 
0x1e, 0x64, 0xe1, 0x9b, 0x6f, 0x43, - 0xae, 0x45, 0xdd, 0x73, 0x12, 0x78, 0xca, 0x2a, 0xfe, 0x70, 0x1c, 0x7a, 0x94, 0x3d, 0x21, 0xec, - 0x43, 0x2f, 0x38, 0xd2, 0x2b, 0x5b, 0xda, 0x76, 0x29, 0x7e, 0x38, 0x3e, 0x8a, 0x59, 0x38, 0x29, - 0x67, 0x7c, 0x9a, 0x87, 0x72, 0x14, 0xb2, 0x97, 0x6d, 0x55, 0xf0, 0x57, 0xaf, 0xcf, 0x43, 0x78, - 0xf2, 0xd5, 0x2b, 0xe2, 0x1a, 0x87, 0x3c, 0x5e, 0x1d, 0xc5, 0x80, 0xea, 0xcb, 0xd9, 0xaa, 0xa3, - 0xd0, 0x1a, 0xef, 0x45, 0x4c, 0x29, 0x96, 0xca, 0x91, 0x2d, 0x7b, 0x12, 0x07, 0xb6, 0x43, 0xc4, - 0xf3, 0x3a, 0x6b, 0x4f, 0x62, 0x25, 0xea, 0x47, 0xf0, 0x29, 0x8e, 0xb5, 0xa3, 0x4f, 0x34, 0xb8, - 0x65, 0xa5, 0xfb, 0x11, 0x84, 0xea, 0xa5, 0x6c, 0x6f, 0xce, 0x89, 0x06, 0x47, 0xf3, 0x55, 0x69, - 0xe7, 0xad, 0xd6, 0x24, 0x12, 0x3e, 0x0f, 0x6e, 0xfc, 0x2d, 0x07, 0x45, 0x19, 0x21, 0x37, 0x52, - 0x9a, 0x49, 0xaa, 0x34, 0xcf, 0x7d, 0x0e, 0x49, 0x13, 0x66, 0x96, 0x67, 0x67, 0xa2, 0x3c, 0xef, - 0x65, 0x05, 0xba, 0xb8, 0x44, 0x7f, 0xa1, 0x41, 0x45, 0x4a, 0xde, 0x48, 0x05, 0xee, 0xa5, 0x2b, - 0xf0, 0x3b, 0x19, 0xad, 0x9d, 0x51, 0x85, 0xff, 0x14, 0x5b, 0x79, 0xc9, 0xd6, 0x4e, 0xb2, 0x71, - 0x93, 0xbb, 0x52, 0x13, 0x54, 0x35, 0x85, 0xf2, 0x33, 0x9b, 0x42, 0xaf, 0x87, 0x3d, 0x29, 0xd1, - 0x98, 0x2d, 0xa4, 0x7b, 0xb9, 0x4f, 0x24, 0x1d, 0x47, 0x12, 0xc6, 0xb3, 0x62, 0xb4, 0x77, 0x71, - 0x8a, 0x0c, 0x55, 0x2f, 0x46, 0xcb, 0x76, 0x21, 0x4a, 0xf8, 0x63, 0x46, 0x9b, 0xfc, 0x63, 0x28, - 0x51, 0x32, 0x22, 0x16, 0xf3, 0x02, 0xf9, 0xf7, 0xfc, 0xe8, 0x1a, 0xa2, 0xbe, 0xde, 0x95, 0x3a, - 0xf7, 0x5c, 0x16, 0x9c, 0xc4, 0xa6, 0x2b, 0x32, 0x8e, 0x40, 0x51, 0x03, 0xca, 0xd6, 0x68, 0x4c, - 0x19, 0x09, 0xda, 0x1d, 0xd9, 0x3e, 0x8b, 0xae, 0x6e, 0x2d, 0xc5, 0xc0, 0xb1, 0x0c, 0x6a, 0xc8, - 0x87, 0x44, 0xd8, 0xe9, 0xfb, 0xfa, 0xc4, 0x43, 0x42, 0xb9, 0x31, 0xf1, 0x88, 0xd8, 0x81, 0x0a, - 0xf9, 0x88, 0x91, 0xc0, 0x35, 0x47, 0xbc, 0x7c, 0x17, 0xc4, 0x25, 0x78, 0x95, 0x9f, 0x23, 0x7b, - 0x31, 0x19, 0x27, 0x65, 0xd0, 0x01, 0xac, 0x52, 0x42, 0xa9, 0xed, 0xb9, 0xbb, 0xfd, 0x3e, 0x3f, - 
0x5d, 0x4f, 0x64, 0xab, 0xf3, 0xdb, 0x12, 0x6e, 0xb5, 0x9b, 0x66, 0xbf, 0x14, 0xa4, 0xf0, 0x18, - 0x93, 0x24, 0x3c, 0xa9, 0x02, 0x7d, 0x08, 0xeb, 0x0a, 0xe4, 0x20, 0x30, 0xfb, 0x7d, 0xdb, 0xea, - 0x78, 0x23, 0xdb, 0x3a, 0x11, 0xc7, 0x5b, 0xb9, 0xb9, 0x2b, 0x75, 0xaf, 0xef, 0x4d, 0x13, 0x7a, - 0x79, 0xba, 0xb9, 0x25, 0x11, 0xa6, 0xf2, 0x85, 0xc1, 0xd3, 0xf5, 0xa3, 0x7d, 0x58, 0x1b, 0x12, - 0x73, 0xc4, 0x86, 0xad, 0x21, 0xb1, 0x8e, 0x54, 0xfc, 0xe9, 0xcb, 0x22, 0x2e, 0x95, 0x07, 0xd7, - 0x1e, 0x9d, 0x17, 0xc1, 0xd3, 0xd6, 0xa1, 0x3f, 0x68, 0xb0, 0x3e, 0x61, 0x5b, 0xf8, 0xc5, 0x49, - 0xaf, 0x66, 0x6b, 0xeb, 0x77, 0xa7, 0x29, 0x6d, 0xbe, 0xca, 0x7d, 0x32, 0x95, 0x85, 0xa7, 0x6f, - 0x63, 0xe3, 0x3e, 0xac, 0xa4, 0x02, 0x10, 0xbd, 0x02, 0xf9, 0x23, 0x72, 0x12, 0x96, 0x02, 0xcc, - 0x87, 0xe8, 0x36, 0x14, 0x8e, 0xcd, 0xd1, 0x58, 0x7e, 0xaf, 0xc2, 0xe1, 0xe4, 0xad, 0xdc, 0x3d, - 0xcd, 0xf8, 0xbd, 0xc6, 0x57, 0x27, 0xea, 0x2a, 0xfa, 0xb5, 0x06, 0xcb, 0xa3, 0x44, 0xcf, 0x46, - 0x16, 0xcd, 0xf7, 0xae, 0xa3, 0xff, 0x23, 0x4b, 0x77, 0xf4, 0x49, 0x29, 0xc9, 0xc3, 0x29, 0x54, - 0xe3, 0x99, 0x06, 0xd3, 0xdd, 0x80, 0x7c, 0x28, 0x59, 0xf2, 0xd3, 0x9f, 0xdc, 0xdb, 0xfc, 0x9f, - 0x09, 0x52, 0x9f, 0x10, 0xc3, 0xb7, 0xa2, 0xa2, 0xe1, 0x08, 0xc5, 0xf8, 0xb7, 0x06, 0x05, 0xf1, - 0xae, 0x43, 0xaf, 0x25, 0x5c, 0xdb, 0xac, 0x48, 0x33, 0xf2, 0xef, 0x93, 0x93, 0xd0, 0xcf, 0x77, - 0x52, 0x7e, 0x8e, 0x8b, 0xd0, 0x07, 0x9c, 0x28, 0xdd, 0x8e, 0xde, 0x80, 0x25, 0xd2, 0xef, 0x13, - 0x8b, 0xc9, 0x02, 0xf0, 0x9a, 0x3a, 0xc8, 0xf6, 0x04, 0x95, 0xa7, 0xb5, 0x00, 0x0b, 0xa7, 0x58, - 0x0a, 0xf3, 0xbb, 0x12, 0xb3, 0x1d, 0xfe, 0xe2, 0x23, 0x3d, 0x51, 0x0e, 0xae, 0xe5, 0xae, 0x74, - 0xa0, 0x54, 0xe2, 0x58, 0xbb, 0xf1, 0x7d, 0xa8, 0x24, 0x3e, 0xf6, 0xf1, 0xa2, 0xe5, 0xf0, 0x41, - 0xc7, 0x64, 0xc3, 0xc9, 0xa2, 0xb5, 0xaf, 0x18, 0x38, 0x96, 0x69, 0x6e, 0x3f, 0x7f, 0x51, 0x5b, - 0xf8, 0xec, 0x45, 0x6d, 0xe1, 0xf3, 0x17, 0xb5, 0x85, 0x5f, 0x9c, 0xd5, 0xb4, 0xe7, 0x67, 0x35, - 0xed, 0xb3, 0xb3, 0x9a, 0xf6, 0xf9, 
0x59, 0x4d, 0xfb, 0xe7, 0x59, 0x4d, 0xfb, 0xe4, 0x8b, 0xda, - 0xc2, 0x4f, 0x72, 0xc7, 0x3b, 0xff, 0x0f, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x9b, 0x71, 0x43, 0x27, - 0x1f, 0x00, 0x00, + 0x15, 0x4f, 0xdb, 0x71, 0x6c, 0x3f, 0x27, 0xce, 0x4e, 0x65, 0x82, 0x7a, 0xc3, 0xae, 0x13, 0xf5, + 0x48, 0x28, 0xa0, 0xc5, 0x56, 0x06, 0xed, 0x6a, 0xb4, 0xb3, 0xb0, 0x1b, 0x7b, 0x32, 0x8c, 0x77, + 0x27, 0x83, 0x29, 0x47, 0x0b, 0xe2, 0x44, 0xa7, 0x5d, 0xb6, 0x7b, 0xe2, 0xfe, 0xa0, 0xab, 0x9c, + 0xdd, 0x1c, 0xd0, 0x02, 0x42, 0xa0, 0x95, 0x38, 0xec, 0x89, 0x23, 0x57, 0xfe, 0x06, 0x0e, 0x7b, + 0x85, 0x11, 0xa7, 0x95, 0xb8, 0xac, 0x84, 0x88, 0x18, 0xcf, 0x81, 0x13, 0x17, 0x24, 0x2e, 0x73, + 0x40, 0xa8, 0xaa, 0xab, 0xfa, 0xc3, 0xb1, 0x33, 0x19, 0x3b, 0x92, 0xb5, 0xa7, 0xee, 0x7a, 0xf5, + 0xea, 0xfd, 0xde, 0x7b, 0xfd, 0xde, 0xab, 0xaa, 0xd7, 0x70, 0xbf, 0x67, 0xb3, 0xfe, 0xf0, 0xb8, + 0x6a, 0x79, 0x4e, 0xcd, 0xb2, 0x07, 0xf6, 0x30, 0x7a, 0xf8, 0x27, 0xbd, 0xda, 0xc9, 0x1d, 0x5a, + 0xa3, 0x03, 0xdb, 0x11, 0x2f, 0xa6, 0x6f, 0xd3, 0x9a, 0xe5, 0x05, 0xa4, 0x76, 0xba, 0x57, 0xeb, + 0x11, 0x97, 0x04, 0x26, 0x23, 0x9d, 0xaa, 0x1f, 0x78, 0xcc, 0x43, 0x6f, 0xc5, 0x72, 0xaa, 0xa1, + 0x00, 0xf5, 0xf0, 0x4f, 0x7a, 0xd5, 0x93, 0x3b, 0xb4, 0xca, 0xe5, 0x88, 0x17, 0x2e, 0xa7, 0xca, + 0xe5, 0x54, 0x4f, 0xf7, 0xb6, 0x5e, 0x16, 0xdf, 0x21, 0xcc, 0x9c, 0x80, 0xbf, 0xf5, 0xed, 0x84, + 0x9c, 0x9e, 0xd7, 0xf3, 0x6a, 0x82, 0x7c, 0x3c, 0xec, 0x8a, 0x91, 0x18, 0x88, 0x37, 0xc9, 0xce, + 0x05, 0x56, 0x6d, 0x8f, 0xcb, 0x74, 0x4c, 0xab, 0x6f, 0xbb, 0x24, 0x38, 0x13, 0x88, 0xc1, 0xd0, + 0x65, 0xb6, 0x43, 0x2e, 0xc8, 0x7f, 0xeb, 0x45, 0x0b, 0xa8, 0xd5, 0x27, 0x8e, 0x39, 0xbe, 0xce, + 0x78, 0x08, 0xe5, 0xc6, 0xc0, 0x26, 0x2e, 0x6b, 0xb6, 0x1a, 0x9e, 0xdb, 0xb5, 0x7b, 0xe8, 0x6d, + 0x28, 0xf3, 0x05, 0xde, 0x90, 0xb5, 0x89, 0xe5, 0xb9, 0x1d, 0xaa, 0x6b, 0x3b, 0xda, 0x6e, 0xae, + 0x8e, 0x46, 0xe7, 0xdb, 0xe5, 0xa3, 0xd4, 0x0c, 0x1e, 0xe3, 0x34, 0x3e, 0xcf, 0x40, 0xb1, 0xe1, + 0xb9, 0xcc, 0xe4, 0xf8, 0x68, 0x07, 0x96, 0x5d, 0xd3, 
0x21, 0x62, 0x7d, 0xb1, 0xbe, 0xfa, 0xe4, + 0x7c, 0x7b, 0x69, 0x74, 0xbe, 0xbd, 0xfc, 0xc8, 0x74, 0x08, 0x16, 0x33, 0xe8, 0x16, 0xe4, 0x6c, + 0xc7, 0xec, 0x11, 0x3d, 0x23, 0x58, 0xd6, 0x24, 0x4b, 0xae, 0xc9, 0x89, 0x38, 0x9c, 0x43, 0x8f, + 0x21, 0xe7, 0x7b, 0x01, 0xa3, 0xfa, 0xca, 0x4e, 0x76, 0xb7, 0x74, 0xfb, 0xa0, 0x3a, 0xdb, 0xa7, + 0xac, 0x46, 0x8a, 0xb5, 0xbc, 0x80, 0xc5, 0x58, 0x7c, 0x44, 0x71, 0x08, 0x81, 0x7e, 0x0e, 0xab, + 0xa7, 0xde, 0x60, 0xe8, 0x90, 0x43, 0x6f, 0xe8, 0x32, 0xaa, 0x17, 0x05, 0x64, 0x63, 0x56, 0xc8, + 0x0f, 0x63, 0x59, 0xf5, 0x9b, 0x12, 0x70, 0x35, 0x41, 0xa4, 0x38, 0x05, 0x67, 0xfc, 0x4f, 0x83, + 0xb5, 0x94, 0x9a, 0x57, 0xf0, 0xe1, 0x1b, 0x50, 0xe8, 0x7b, 0x94, 0x71, 0x6e, 0xe1, 0xc6, 0x5c, + 0xfd, 0x15, 0xc9, 0x55, 0x78, 0x20, 0xe9, 0x38, 0xe2, 0x40, 0x77, 0x61, 0xcd, 0x4a, 0x02, 0xe8, + 0x59, 0xb1, 0x64, 0x53, 0x2e, 0x49, 0xa3, 0xe3, 0x34, 0x2f, 0xba, 0x03, 0x05, 0x11, 0x35, 0x96, + 0x37, 0xd0, 0x97, 0x85, 0x42, 0xaf, 0x29, 0xa8, 0x96, 0xa4, 0x3f, 0x4f, 0xbc, 0xe3, 0x88, 0x1b, + 0x7d, 0x03, 0x56, 0xb8, 0x0a, 0xcd, 0x96, 0x9e, 0x13, 0xeb, 0xca, 0x72, 0xdd, 0xca, 0x03, 0x41, + 0xc5, 0x72, 0xd6, 0xf8, 0x8d, 0x06, 0xe5, 0x48, 0x85, 0x36, 0x33, 0x19, 0x41, 0x0c, 0xf2, 0xc1, + 0xd0, 0x75, 0x6d, 0xb7, 0x27, 0xcc, 0x2b, 0xdd, 0x3e, 0x9c, 0x3b, 0x00, 0x84, 0x60, 0x1c, 0x0a, + 0xad, 0x97, 0x46, 0xe7, 0xdb, 0x79, 0x39, 0xc0, 0x0a, 0x8a, 0x2b, 0xb2, 0x39, 0x91, 0x1f, 0x39, + 0x50, 0xa4, 0xcc, 0x0c, 0x18, 0xe9, 0xec, 0x33, 0xf1, 0x59, 0x4a, 0xb7, 0xdf, 0x79, 0x59, 0x8d, + 0x78, 0x95, 0xe0, 0x1a, 0xf1, 0x74, 0xaa, 0xdf, 0x90, 0xbe, 0x28, 0xb6, 0x95, 0x58, 0x1c, 0x23, + 0x18, 0x7f, 0xcc, 0xc0, 0x7a, 0x4a, 0x91, 0x21, 0xbd, 0x42, 0x50, 0x9c, 0x40, 0x8e, 0x72, 0xa5, + 0xa5, 0xcb, 0xee, 0x5f, 0x8f, 0xcb, 0xe2, 0xa4, 0x09, 0x3d, 0x12, 0x62, 0xc4, 0x59, 0xbc, 0x72, + 0x49, 0x16, 0x7f, 0x13, 0xf2, 0xe2, 0xa5, 0x79, 0x4f, 0xcf, 0x0b, 0xb6, 0x75, 0xc9, 0x96, 0x6f, + 0x86, 0x64, 0xac, 0xe6, 0xd1, 0x9b, 0x50, 0x8a, 0xe2, 0xae, 0x79, 0x4f, 0x2f, 0x08, 0xf6, 
0x0d, + 0xc9, 0x5e, 0x6a, 0xc4, 0x53, 0x38, 0xc9, 0x67, 0xfc, 0x08, 0xd6, 0x0f, 0xdc, 0x8e, 0xef, 0xd9, + 0x2e, 0xdb, 0xef, 0x74, 0x02, 0x42, 0x29, 0xda, 0x82, 0x8c, 0xed, 0x4b, 0x37, 0x81, 0x14, 0x90, + 0x69, 0xb6, 0x70, 0xc6, 0xf6, 0xd1, 0x2e, 0x14, 0x5c, 0xaf, 0x43, 0xb8, 0xd3, 0x64, 0x30, 0xaf, + 0xf2, 0x40, 0x7e, 0x24, 0x69, 0x38, 0x9a, 0x35, 0x7e, 0xa7, 0xc1, 0xaa, 0x92, 0x7c, 0xc5, 0xa4, + 0xdc, 0x81, 0x65, 0x3f, 0x4e, 0xc8, 0x88, 0x43, 0x24, 0x95, 0x98, 0x49, 0xe5, 0x52, 0xf6, 0x65, + 0x72, 0xc9, 0xf8, 0xaf, 0x06, 0x65, 0xa5, 0x4e, 0x7b, 0x78, 0x4c, 0x09, 0x43, 0x1f, 0x43, 0xd1, + 0x0c, 0x4d, 0x26, 0xbc, 0x5c, 0xf3, 0x9a, 0xf5, 0xfd, 0x59, 0x3f, 0xf9, 0x98, 0x0f, 0xe3, 0xf0, + 0xdc, 0x57, 0x08, 0x38, 0x06, 0x43, 0xb6, 0x2a, 0xce, 0x59, 0x81, 0x7a, 0x6f, 0x5e, 0xd4, 0xe9, + 0xb5, 0xd9, 0xf8, 0x8f, 0x06, 0x45, 0xc5, 0x46, 0x51, 0x00, 0x05, 0x9e, 0x45, 0x1d, 0x93, 0x99, + 0x32, 0x0b, 0xeb, 0xb3, 0x66, 0xe1, 0x0f, 0x8e, 0x1f, 0x13, 0x8b, 0x1d, 0x12, 0x66, 0xd6, 0x91, + 0x44, 0x86, 0x98, 0x86, 0x23, 0x1c, 0xf4, 0x33, 0xc8, 0x53, 0xe1, 0x70, 0xaa, 0x67, 0x84, 0xb9, + 0xf7, 0xe7, 0x35, 0x37, 0xfc, 0x7e, 0x71, 0x2e, 0x84, 0x63, 0x8a, 0x15, 0x8e, 0xf1, 0x2f, 0x0d, + 0xd6, 0x22, 0xa3, 0x1f, 0xda, 0x94, 0x21, 0xf7, 0x82, 0xe1, 0xef, 0xcd, 0x6a, 0x38, 0x97, 0x27, + 0xcc, 0x8e, 0x76, 0x0c, 0x45, 0x49, 0x18, 0xdd, 0x85, 0x9c, 0xcd, 0x88, 0xa3, 0x4c, 0xde, 0x9f, + 0xd7, 0x64, 0x9a, 0x28, 0x10, 0x5c, 0x2e, 0x0e, 0xc5, 0x1b, 0x9f, 0x6a, 0xb0, 0x71, 0xe0, 0xf7, + 0x89, 0x43, 0x02, 0x73, 0x10, 0x25, 0xf9, 0x42, 0x3e, 0xb4, 0xb1, 0x07, 0x1b, 0x0f, 0x3d, 0xb3, + 0x53, 0x37, 0x07, 0xa6, 0x6b, 0x91, 0xa0, 0xe9, 0xf6, 0x5e, 0x54, 0x4e, 0x78, 0x91, 0x40, 0xc9, + 0x35, 0xb2, 0x54, 0x9f, 0x42, 0xde, 0x0e, 0x57, 0xcb, 0xbc, 0xfc, 0x60, 0x56, 0xff, 0x4d, 0x50, + 0x28, 0x51, 0x43, 0x43, 0x02, 0x56, 0x60, 0xc6, 0x27, 0x50, 0xe4, 0xe5, 0x88, 0xfa, 0xa6, 0x45, + 0x16, 0xe2, 0x42, 0x1e, 0xb8, 0x91, 0x06, 0x5f, 0xe9, 0xc0, 0x8d, 0xac, 0x98, 0x12, 0xb8, 0x7f, + 0xcd, 0xc0, 0x32, 0xdf, 0x35, 
0x16, 0x52, 0x92, 0x8e, 0x61, 0x99, 0xfa, 0xc4, 0x92, 0xfb, 0xfc, + 0x7b, 0x33, 0xdb, 0xe8, 0x75, 0x48, 0xdb, 0x27, 0x56, 0xbc, 0x55, 0xf1, 0x11, 0x16, 0xb2, 0xd1, + 0x63, 0x58, 0xa1, 0x22, 0x9a, 0xc5, 0x46, 0x35, 0x83, 0x55, 0x29, 0x14, 0x21, 0x29, 0x3e, 0x00, + 0x86, 0x63, 0x2c, 0x11, 0x0c, 0x07, 0x4a, 0x9c, 0x4b, 0x6d, 0xe0, 0xdf, 0x81, 0x65, 0x76, 0xe6, + 0xab, 0x9d, 0x76, 0x5b, 0x29, 0x77, 0x74, 0xe6, 0x93, 0xe7, 0xe7, 0xdb, 0xeb, 0x09, 0x56, 0x4e, + 0xc2, 0x82, 0x99, 0x1f, 0x35, 0xe4, 0x06, 0x25, 0xef, 0x15, 0x51, 0x9a, 0x48, 0x5e, 0xac, 0xe6, + 0x8d, 0x7f, 0x68, 0x20, 0x76, 0xfc, 0x85, 0x04, 0xa8, 0x99, 0x0e, 0xd0, 0x77, 0xe6, 0x71, 0xeb, + 0x94, 0xd8, 0xfc, 0xb3, 0xb4, 0x8f, 0x7f, 0x4d, 0xee, 0x17, 0xdf, 0xeb, 0x34, 0x9a, 0xf7, 0xb0, + 0xf4, 0x67, 0xe4, 0x97, 0x56, 0x48, 0xc6, 0x6a, 0x9e, 0x1f, 0x8e, 0xe4, 0x2b, 0xd5, 0xf3, 0x3b, + 0x59, 0x75, 0x38, 0x92, 0x7c, 0x14, 0x47, 0xb3, 0x88, 0xc0, 0x0a, 0xaf, 0xd4, 0x8c, 0xea, 0x39, + 0x61, 0xc5, 0x77, 0x67, 0xb5, 0xe2, 0x88, 0x4b, 0x89, 0xe3, 0x42, 0x0c, 0x29, 0x96, 0xc2, 0x8d, + 0x5f, 0x69, 0x00, 0x71, 0xf8, 0x20, 0x96, 0x3c, 0xf0, 0xe4, 0xe6, 0xbb, 0xa4, 0x25, 0x82, 0xe8, + 0xf2, 0xc3, 0x8e, 0xf1, 0x97, 0x0c, 0x64, 0x5b, 0x5e, 0x67, 0x21, 0x89, 0x6e, 0xa6, 0x12, 0xfd, + 0xdd, 0x59, 0x8d, 0x6d, 0x79, 0x9d, 0xa9, 0x79, 0x6e, 0x8f, 0xe5, 0xf9, 0xfe, 0x3c, 0x20, 0x97, + 0xa7, 0xf9, 0x2d, 0xc8, 0xb5, 0xbc, 0x4e, 0xb3, 0x75, 0xe9, 0x96, 0xfa, 0x77, 0x0d, 0x78, 0x64, + 0x2e, 0x24, 0x37, 0x7f, 0x9a, 0xce, 0xcd, 0xbb, 0x73, 0xb8, 0x62, 0x4a, 0x6a, 0xfe, 0x36, 0x2b, + 0xac, 0x13, 0x99, 0xf9, 0x4b, 0x0d, 0xca, 0xb6, 0x6b, 0xb3, 0xf8, 0xd8, 0xa3, 0xdf, 0x9c, 0x6f, + 0xd3, 0x8a, 0x24, 0xd5, 0xbf, 0x26, 0xd1, 0xcb, 0xcd, 0x14, 0x00, 0x1e, 0x03, 0x44, 0x43, 0x00, + 0x2b, 0x86, 0xcf, 0x5c, 0x17, 0x7c, 0x14, 0xd5, 0x09, 0xe8, 0x04, 0x10, 0x7a, 0x1f, 0x10, 0x25, + 0xc1, 0xa9, 0x6d, 0x91, 0x7d, 0xcb, 0xf2, 0x86, 0x2e, 0x13, 0x17, 0xb2, 0xf0, 0xce, 0xb7, 0x25, + 0xd7, 0xa2, 0xf6, 0x05, 0x0e, 0x3c, 0x61, 0x15, 0xbf, 0x38, 0xf6, 
0x3d, 0xca, 0x1e, 0x11, 0xf6, + 0x91, 0x17, 0x9c, 0xe8, 0xa5, 0x1d, 0x6d, 0xb7, 0x10, 0x5f, 0x1c, 0x1f, 0xc4, 0x53, 0x38, 0xc9, + 0x67, 0x7c, 0x9e, 0x85, 0x62, 0x14, 0xb2, 0x57, 0x6d, 0x55, 0xf0, 0x5b, 0xaf, 0xcf, 0x43, 0x78, + 0xfc, 0xd6, 0x2b, 0xe2, 0x1a, 0x87, 0x73, 0xbc, 0x3a, 0x8a, 0x17, 0xaa, 0xaf, 0xce, 0x57, 0x1d, + 0x85, 0xd4, 0x58, 0x17, 0x31, 0xa4, 0x58, 0x0a, 0x47, 0xb6, 0xec, 0x49, 0x1c, 0xd9, 0x0e, 0x11, + 0xd7, 0xeb, 0x79, 0x7b, 0x12, 0x6b, 0x51, 0x3f, 0x82, 0x0f, 0x71, 0x2c, 0x1d, 0x7d, 0xa6, 0xc1, + 0x0d, 0x2b, 0xdd, 0x8f, 0x20, 0x54, 0x2f, 0xcc, 0x77, 0xe7, 0x1c, 0x6b, 0x70, 0xd4, 0x5f, 0x95, + 0x76, 0xde, 0x68, 0x8c, 0x23, 0xe1, 0x8b, 0xe0, 0xc6, 0xdf, 0x32, 0x90, 0x97, 0x11, 0xb2, 0x90, + 0xd2, 0x4c, 0x52, 0xa5, 0x79, 0xe6, 0x7d, 0x48, 0x9a, 0x30, 0xb5, 0x3c, 0x3b, 0x63, 0xe5, 0xf9, + 0x60, 0x5e, 0xa0, 0xcb, 0x4b, 0xf4, 0x33, 0x0d, 0x4a, 0x92, 0x73, 0x21, 0x15, 0xb8, 0x93, 0xae, + 0xc0, 0xef, 0xce, 0x69, 0xed, 0x94, 0x2a, 0xfc, 0xa7, 0xd8, 0xca, 0x2b, 0xb6, 0x76, 0x92, 0x8d, + 0x9b, 0xcc, 0x4b, 0x35, 0x41, 0x55, 0x53, 0x28, 0x3b, 0xb5, 0x29, 0xf4, 0x46, 0xd8, 0x93, 0x12, + 0x8d, 0xd9, 0x5c, 0xba, 0x97, 0xfb, 0x48, 0xd2, 0x71, 0xc4, 0x61, 0x3c, 0xcb, 0x47, 0xba, 0x8b, + 0x5d, 0xa4, 0xaf, 0x7a, 0x31, 0xda, 0x7c, 0x07, 0xa2, 0x84, 0x3f, 0xa6, 0xb4, 0xc9, 0x3f, 0x81, + 0x02, 0x25, 0x03, 0x62, 0x31, 0x2f, 0x90, 0x9f, 0xe7, 0x87, 0xd7, 0x10, 0xf5, 0xd5, 0xb6, 0x94, + 0x79, 0xe0, 0xb2, 0xe0, 0x2c, 0x36, 0x5d, 0x91, 0x71, 0x04, 0x8a, 0x6a, 0x50, 0xb4, 0x06, 0x43, + 0xca, 0x48, 0xd0, 0x6c, 0xc9, 0xf6, 0x59, 0x74, 0x74, 0x6b, 0xa8, 0x09, 0x1c, 0xf3, 0xa0, 0x9a, + 0xbc, 0x48, 0x84, 0x9d, 0xbe, 0xaf, 0x8f, 0x5d, 0x24, 0x94, 0x1b, 0x13, 0x97, 0x88, 0x3d, 0x28, + 0x91, 0x8f, 0x19, 0x09, 0x5c, 0x73, 0xc0, 0xcb, 0x77, 0x4e, 0x1c, 0x82, 0xd7, 0xf9, 0x3e, 0x72, + 0x10, 0x93, 0x71, 0x92, 0x07, 0x1d, 0xc1, 0x3a, 0x25, 0x94, 0xda, 0x9e, 0xbb, 0xdf, 0xed, 0xf2, + 0xdd, 0xf5, 0x4c, 0xb6, 0x3a, 0xbf, 0x25, 0xe1, 0xd6, 0xdb, 0xe9, 0xe9, 0xe7, 0x82, 0x14, 0x6e, + 0x63, 
0x92, 0x84, 0xc7, 0x45, 0xa0, 0x1f, 0x83, 0x3e, 0x48, 0xf6, 0x15, 0xbc, 0x61, 0x60, 0x11, + 0x6c, 0xba, 0x3d, 0x12, 0xfe, 0x9e, 0x28, 0xd6, 0x5f, 0x1b, 0x9d, 0x6f, 0xeb, 0x0f, 0xa7, 0xf0, + 0xe0, 0xa9, 0xab, 0xd1, 0x47, 0xb0, 0xa9, 0xd4, 0x3f, 0x0a, 0xcc, 0x6e, 0xd7, 0xb6, 0x5a, 0xde, + 0xc0, 0xb6, 0xce, 0xc4, 0xc6, 0x59, 0xac, 0xef, 0x4b, 0xad, 0x37, 0x0f, 0x26, 0x31, 0x3d, 0x3f, + 0xdf, 0xde, 0x91, 0xba, 0x4f, 0x9c, 0x17, 0xae, 0x9c, 0x2c, 0x1f, 0x1d, 0xc2, 0x46, 0x9f, 0x98, + 0x03, 0xd6, 0x6f, 0xf4, 0x89, 0x75, 0xa2, 0x22, 0x5b, 0x5f, 0x15, 0x11, 0xaf, 0xbe, 0xcd, 0xc6, + 0x83, 0x8b, 0x2c, 0x78, 0xd2, 0x3a, 0xf4, 0x07, 0x0d, 0x36, 0xc7, 0xbc, 0x16, 0xfe, 0xcb, 0xd2, + 0xcb, 0xf3, 0xfd, 0x30, 0x68, 0x4f, 0x12, 0x5a, 0x7f, 0x95, 0xfb, 0x64, 0xe2, 0x14, 0x9e, 0xac, + 0xc6, 0xd6, 0x5d, 0x58, 0x4b, 0x85, 0x36, 0x7a, 0x05, 0xb2, 0x27, 0xe4, 0x2c, 0x2c, 0x32, 0x98, + 0xbf, 0xa2, 0x9b, 0x90, 0x3b, 0x35, 0x07, 0x43, 0xf9, 0x27, 0x0c, 0x87, 0x83, 0xb7, 0x33, 0x77, + 0x34, 0xe3, 0xf7, 0x1a, 0x5f, 0x9d, 0xa8, 0xd8, 0xe8, 0xd7, 0x1a, 0xac, 0x26, 0x3f, 0xaa, 0x2c, + 0xc7, 0xef, 0x5f, 0x47, 0x67, 0x49, 0x6e, 0x0a, 0xd1, 0xcf, 0xaa, 0xe4, 0x1c, 0x4e, 0xa1, 0x1a, + 0x9f, 0x6a, 0x30, 0xd9, 0x0d, 0xc8, 0x87, 0x82, 0x25, 0x7f, 0x2a, 0x4a, 0xdd, 0x66, 0xff, 0x01, + 0x91, 0xfa, 0x39, 0x19, 0xde, 0x42, 0x15, 0x0d, 0x47, 0x28, 0xc6, 0xbf, 0x35, 0xc8, 0x89, 0x1b, + 0x23, 0x7a, 0x3d, 0xe1, 0xda, 0x7a, 0x49, 0x9a, 0x91, 0xfd, 0x80, 0x9c, 0x85, 0x7e, 0xbe, 0x95, + 0xf2, 0x73, 0x5c, 0xde, 0x3e, 0xe4, 0x44, 0xe9, 0x76, 0xf4, 0x26, 0xac, 0x90, 0x6e, 0x97, 0x58, + 0x4c, 0x96, 0x96, 0xd7, 0xd5, 0x16, 0x79, 0x20, 0xa8, 0xbc, 0x60, 0x08, 0xb0, 0x70, 0x88, 0x25, + 0x33, 0x3f, 0x85, 0x31, 0xdb, 0xe1, 0x77, 0x49, 0xd2, 0x11, 0x85, 0xe6, 0x5a, 0x4e, 0x61, 0x47, + 0x4a, 0x24, 0x8e, 0xa5, 0x1b, 0xdf, 0x83, 0x52, 0xe2, 0x37, 0x22, 0x2f, 0x87, 0x0e, 0x7f, 0x69, + 0x99, 0xac, 0x3f, 0x5e, 0x0e, 0x0f, 0xd5, 0x04, 0x8e, 0x79, 0xea, 0xbb, 0x4f, 0x9e, 0x56, 0x96, + 0xbe, 0x78, 0x5a, 0x59, 0xfa, 0xf2, 0x69, 
0x65, 0xe9, 0x17, 0xa3, 0x8a, 0xf6, 0x64, 0x54, 0xd1, + 0xbe, 0x18, 0x55, 0xb4, 0x2f, 0x47, 0x15, 0xed, 0x9f, 0xa3, 0x8a, 0xf6, 0xd9, 0xb3, 0xca, 0xd2, + 0x4f, 0x32, 0xa7, 0x7b, 0xff, 0x0f, 0x00, 0x00, 0xff, 0xff, 0xdc, 0x0a, 0x1a, 0xba, 0x81, 0x1f, + 0x00, 0x00, } func (m *ClientIPConfig) Marshal() (dAtA []byte, err error) { @@ -2480,6 +2482,15 @@ func (m *ServiceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintGenerated(dAtA, i, uint64(len(m.ExternalTrafficPolicy))) i-- dAtA[i] = 0x5a + if len(m.LoadBalancerSourceRanges) > 0 { + for iNdEx := len(m.LoadBalancerSourceRanges) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.LoadBalancerSourceRanges[iNdEx]) + copy(dAtA[i:], m.LoadBalancerSourceRanges[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.LoadBalancerSourceRanges[iNdEx]))) + i-- + dAtA[i] = 0x4a + } + } i -= len(m.SessionAffinity) copy(dAtA[i:], m.SessionAffinity) i = encodeVarintGenerated(dAtA, i, uint64(len(m.SessionAffinity))) @@ -3206,6 +3217,12 @@ func (m *ServiceSpec) Size() (n int) { } l = len(m.SessionAffinity) n += 1 + l + sovGenerated(uint64(l)) + if len(m.LoadBalancerSourceRanges) > 0 { + for _, s := range m.LoadBalancerSourceRanges { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } l = len(m.ExternalTrafficPolicy) n += 1 + l + sovGenerated(uint64(l)) n += 1 + sovGenerated(uint64(m.HealthCheckNodePort)) @@ -3717,6 +3734,7 @@ func (this *ServiceSpec) String() string { `Type:` + fmt.Sprintf("%v", this.Type) + `,`, `ExternalIPs:` + fmt.Sprintf("%v", this.ExternalIPs) + `,`, `SessionAffinity:` + fmt.Sprintf("%v", this.SessionAffinity) + `,`, + `LoadBalancerSourceRanges:` + fmt.Sprintf("%v", this.LoadBalancerSourceRanges) + `,`, `ExternalTrafficPolicy:` + fmt.Sprintf("%v", this.ExternalTrafficPolicy) + `,`, `HealthCheckNodePort:` + fmt.Sprintf("%v", this.HealthCheckNodePort) + `,`, `SessionAffinityConfig:` + strings.Replace(this.SessionAffinityConfig.String(), "SessionAffinityConfig", "SessionAffinityConfig", 1) + `,`, 
@@ -7811,6 +7829,38 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error { } m.SessionAffinity = ServiceAffinity(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LoadBalancerSourceRanges", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.LoadBalancerSourceRanges = append(m.LoadBalancerSourceRanges, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex case 11: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ExternalTrafficPolicy", wireType) diff --git a/pkg/k8s/slim/k8s/apis/core/v1/generated.proto b/pkg/k8s/slim/k8s/apis/core/v1/generated.proto index 54f430673520e..b8533aa46da22 100644 --- a/pkg/k8s/slim/k8s/apis/core/v1/generated.proto +++ b/pkg/k8s/slim/k8s/apis/core/v1/generated.proto 
@@ -592,6 +592,14 @@ message ServiceSpec { // +optional optional string sessionAffinity = 7; + // If specified and supported by the platform, this will restrict traffic through the cloud-provider + // load-balancer will be restricted to the specified client IPs. This field will be ignored if the + // cloud-provider does not support the feature." + // More info: + // https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ + // +optional + repeated string loadBalancerSourceRanges = 9; + // externalTrafficPolicy denotes if this Service desires to route external // traffic to node-local or cluster-wide endpoints. "Local" preserves the // client source IP and avoids a second hop for LoadBalancer and Nodeport diff --git a/pkg/k8s/slim/k8s/apis/core/v1/types.go b/pkg/k8s/slim/k8s/apis/core/v1/types.go index 7fe2bb06e330f..c67ffdbdbd71c 100644 --- a/pkg/k8s/slim/k8s/apis/core/v1/types.go +++ b/pkg/k8s/slim/k8s/apis/core/v1/types.go @@ -458,6 +458,14 @@ type ServiceSpec struct { // +optional SessionAffinity ServiceAffinity `json:"sessionAffinity,omitempty" protobuf:"bytes,7,opt,name=sessionAffinity,casttype=ServiceAffinity"` + // If specified and supported by the platform, this will restrict traffic through the cloud-provider + // load-balancer will be restricted to the specified client IPs. This field will be ignored if the + // cloud-provider does not support the feature." + // More info: + // https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ + // +optional + LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty" protobuf:"bytes,9,opt,name=loadBalancerSourceRanges"` + // externalTrafficPolicy denotes if this Service desires to route external // traffic to node-local or cluster-wide endpoints. "Local" preserves the // client source IP and avoids a second hop for LoadBalancer and Nodeport 
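Review bot: The comment added above `LoadBalancerSourceRanges` in the types.go hunk never states what format the entries have, and its first sentence is garbled ("this will restrict traffic ... will be restricted") with a stray `"` after "feature.". Since this field works as a source allow-list for load-balancer traffic and is carried as a plain `[]string`, I would spell out the contract, e.g. `// Entries are CIDR strings and are not validated at this layer; consumers must parse them and handle malformed entries explicitly rather than ignoring them.`, and reword the opening to `// If specified and supported by the platform, traffic through the cloud-provider load-balancer is restricted to the specified client source ranges.` The same comment text appears in the generated.proto hunk on this line and would presumably follow once the file is regenerated. The `ServiceSpec` struct begins and ends outside this hunk.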
diff --git a/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepcopy.go b/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepcopy.go index 9040389130d6e..18490d0dc95c0 100644 --- a/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepcopy.go +++ b/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepcopy.go @@ -755,6 +755,11 @@ func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.LoadBalancerSourceRanges != nil { + in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.SessionAffinityConfig != nil { in, out := &in.SessionAffinityConfig, &out.SessionAffinityConfig *out = new(SessionAffinityConfig) diff --git a/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepequal.go b/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepequal.go index 49aebf5959bcd..26e204a9551fc 100644 --- a/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepequal.go +++ b/pkg/k8s/slim/k8s/apis/core/v1/zz_generated.deepequal.go @@ -929,6 +929,23 @@ func (in *ServiceSpec) DeepEqual(other *ServiceSpec) bool { if in.SessionAffinity != other.SessionAffinity { return false } + if ((in.LoadBalancerSourceRanges != nil) && (other.LoadBalancerSourceRanges != nil)) || ((in.LoadBalancerSourceRanges == nil) != (other.LoadBalancerSourceRanges == nil)) { + in, other := &in.LoadBalancerSourceRanges, &other.LoadBalancerSourceRanges + if other == nil { + return false + } + + if len(*in) != len(*other) { + return false + } else { + for i, inElement := range *in { + if inElement != (*other)[i] { + return false + } + } + } + } + if in.ExternalTrafficPolicy != other.ExternalTrafficPolicy { return false } diff --git a/pkg/k8s/zz_generated.deepcopy.go b/pkg/k8s/zz_generated.deepcopy.go index c290e314e03c7..51464b7dd989d 100644 --- a/pkg/k8s/zz_generated.deepcopy.go +++ b/pkg/k8s/zz_generated.deepcopy.go 
@@ -21,6 +21,7 @@ package k8s import ( net "net" + cidr "github.com/cilium/cilium/pkg/cidr" loadbalancer "github.com/cilium/cilium/pkg/loadbalancer" store "github.com/cilium/cilium/pkg/service/store" ) @@ -163,6 +164,16 @@ func (in *Service) DeepCopyInto(out *Service) { (*out)[key] = outVal } } + if in.LoadBalancerSourceRanges != nil { + in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges + *out = make([]*cidr.CIDR, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = (*in).DeepCopy() + } + } + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]string, len(*in))