POST /svc/spec
Insert or update service metadata. Upserts onsvc_ip (the
primary key) — k8s never reuses cluster IPs so collisions are an
out-of-band event.
The handler rejects non-routable IPs (is_routable_svc_ip guard:
empty string for ExternalName services, the literal "None" for
headless Services) with a warn log and a no-op response — the
controller already filters these at source, so this branch is
defense-in-depth for non-controller writers.
Request
service_spec is an opaque JSON blob storing the full Service
object — selector + ports are the parts the advisor’s
NetworkPolicy generator and the mcp-server’s compactor actually
read. The chart’s broker stores the full spec so future tooling
can query other fields without a controller round-trip.
GET /svc/info
Return all service metadata rows. Ordered by(svc_namespace ASC, svc_name ASC, svc_ip ASC) for stable
display. Used by the frontend’s service-list view and the
mcp-server’s cluster_pods aggregator.
GET /svc/ip/{ip}
Get a single service by cluster IP. Used by the advisor when resolving a peer IP to a Service selector during NetworkPolicy generation — the advisor falls back to per-pod lookup if no Service matches.Response
"No data found" is returned when no row matches
(the advisor handles this by falling through to its pod-lookup
path).