Snat (#23)

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/google/uuid v1.1.2
 	github.com/googleapis/gnostic v0.2.0 // indirect
 	github.com/metal-stack/metal-go v0.10.0
-	github.com/metal-stack/metal-lib v0.6.3
+	github.com/metal-stack/metal-lib v0.6.4
 	github.com/metal-stack/v v1.0.2
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/pflag v1.0.5

go.sum

@@ -661,8 +661,8 @@ github.com/metal-stack/metal-go v0.10.0 h1:XlZpuHd5wWr9oVY+uxNjzoCDq4QJQrcZBx+97
 github.com/metal-stack/metal-go v0.10.0/go.mod h1:5emMVOjVD2tj6OxCBUYB8Xo1ruBnoP6idwypVV1pzec=
 github.com/metal-stack/metal-lib v0.5.0 h1:C3QScS7+wNWMiERB+j0x06WpRuTHW6A3rpuILMOAgss=
 github.com/metal-stack/metal-lib v0.5.0/go.mod h1:Vxr1OwM8fef1gtIv9fUiVU4Gq5mkd4ElHMpTjfuuSFQ=
-github.com/metal-stack/metal-lib v0.6.3 h1:iQOyLKnqqSJGpl++YgnbrW7DYbyC+1VVW2izoQlrcLk=
-github.com/metal-stack/metal-lib v0.6.3/go.mod h1:r8qhfX72eAzClR/pEaQvdwM//Otx9gegYoOphLPmmQ4=
+github.com/metal-stack/metal-lib v0.6.4 h1:7lvQcjGrZa3gUIzlbFi61fqFatDzlmWWMvXoqOi5HHM=
+github.com/metal-stack/metal-lib v0.6.4/go.mod h1:r8qhfX72eAzClR/pEaQvdwM//Otx9gegYoOphLPmmQ4=
 github.com/metal-stack/security v0.3.0 h1:YJL0qlsXlvA9O3iIWuk5YqF02IX9f6I60n93FkQpV4k=
 github.com/metal-stack/security v0.3.0/go.mod h1:xa0eka4HttrfhDTJPzcSDBGgaFyNBGXhz0B5YGqtKuU=
 github.com/metal-stack/security v0.4.0 h1:NrPm5srgmgeS9UdQmGKLEJ3P7BSsV2Gm7P781LmM0Xo=

pkg/controllers/loadbalancer/loadbalancer.go

@@ -225,7 +225,10 @@ func (l *LoadBalancerController) UpdateMetalLBConfig(nodes []v1.Node) error {
 func (l *LoadBalancerController) useIPInCluster(ip models.V1IPResponse, clusterID string, s v1.Service) (*metalgo.IPDetailResponse, error) {
 	for _, t := range ip.Tags {
 		if tags.IsMachine(t) {
-			return nil, fmt.Errorf("ip is used for a machine, can not use it for a service, machine: %v", ip.Tags)
+			return nil, fmt.Errorf("ip is used for a machine, can not use it for a service, ip tags: %v", ip.Tags)
+		}
+		if tags.IsEgress(t) {
+			return nil, fmt.Errorf("ip is used for egress purposes, can not use it for a service, ip tags: %v", ip.Tags)
 		}
 	}
 

pkg/tags/tagUtils.go

@@ -2,8 +2,9 @@ package tags
 
 import (
 	"fmt"
-	t "github.com/metal-stack/metal-lib/pkg/tag"
 	"strings"
+
+	t "github.com/metal-stack/metal-lib/pkg/tag"
 )
 
 // BuildClusterServiceFQNTag returns the ClusterServiceFQN tag populated with the given arguments.
@@ -16,6 +17,11 @@ func IsMachine(tag string) bool {
 	return strings.HasPrefix(tag, t.MachineID)
 }
 
+// IsEgress returns true if the given tag is an egress-tag
+func IsEgress(tag string) bool {
+	return strings.HasPrefix(tag, t.ClusterEgress)
+}
+
 // IsMemberOfCluster returns true of the given tag is a cluster-tag and clusterID matches.
 func IsMemberOfCluster(tag, clusterID string) bool {
 	if strings.HasPrefix(tag, t.ClusterID) {
@@ -29,4 +35,3 @@ func IsMemberOfCluster(tag, clusterID string) bool {
 	}
 	return false
 }
-