feat(go-client): support PodIP routing (#910)

* feat(go-client): support PodIP routing to fix Issue #907

* fix(go-client): address Copilot review comments for dual-stack extraction and assertions

* fix(go-client): ensure deterministic selection of valid parseable dual-stack IPs

* fix(go-client): optimize dual-stack selection and prevent test data races

* test(go-client): use public setters in HTTP headers tests to decouple from internals

* fix(go-client): validate and document PodIP properties to prevent routing issues

* fix(go-client): address review comments for PodIP getter and skips

* fix(go-client): reuse selectPodIP helper in connector SetPodIP

* refactor(go-client): move selectPodIP to ip.go and normalize parsed IP

* fix(go-client): release connector lock before logging and synchronize test access

* fix(go-client): return canonical dotted-quad string for IPv4-mapped IPv6 addresses

Author: moficodes

clients/go/sandbox/connector.go

@@ -61,6 +61,7 @@ type connector struct {
 	namespace  string
 	serverPort int
 	baseURL    string
+	podIP      string
 	lastError  error
 
 	requestTimeout    time.Duration
@@ -125,6 +126,21 @@ func (c *connector) SetIdentity(sandboxName string) {
 	c.sandboxID = sandboxName
 }
 
+// SetPodIP sets the sandbox pod's IP address to be sent as X-Sandbox-Pod-IP.
+// The input is sanitized and validated to prevent net/http header injection errors.
+func (c *connector) SetPodIP(ip string) {
+	validIP := selectPodIP([]string{ip})
+	shouldLog := (validIP == "" && strings.TrimSpace(ip) != "")
+
+	c.mu.Lock()
+	c.podIP = validIP
+	c.mu.Unlock()
+
+	if shouldLog {
+		c.log.V(1).Info("skipping invalid pod IP address", "ip", ip)
+	}
+}
+
 // Connect delegates to the strategy to discover and set the base URL.
 func (c *connector) Connect(ctx context.Context) error {
 	url, err := c.strategy.Connect(ctx)
@@ -153,6 +169,7 @@ func (c *connector) Close() error {
 	c.baseURL = ""
 	c.lastError = nil
 	c.sandboxID = ""
+	c.podIP = ""
 	c.mu.Unlock()
 	err := c.strategy.Close()
 	if c.ownsTransport {
@@ -236,6 +253,7 @@ func (c *connector) SendRequest(ctx context.Context, method, endpoint string, bo
 		sandboxID := c.sandboxID
 		namespace := c.namespace
 		port := c.serverPort
+		podIP := c.podIP
 		c.mu.Unlock()
 
 		var bodyReader io.Reader
@@ -266,6 +284,9 @@ func (c *connector) SendRequest(ctx context.Context, method, endpoint string, bo
 		req.Header.Set(headerSandboxNamespace, namespace)
 		req.Header.Set(headerSandboxPort, strconv.Itoa(port))
 		req.Header.Set(headerRequestID, reqID)
+		if podIP != "" {
+			req.Header.Set(headerSandboxPodIP, podIP)
+		}
 		if contentType != "" {
 			req.Header.Set("Content-Type", contentType)
 		}

clients/go/sandbox/files_test.go

@@ -428,16 +428,20 @@ func TestRetry_ServerErrorThenSuccess(t *testing.T) {
 }
 
 func TestHTTPHeaders_AllSet(t *testing.T) {
+	var mu sync.Mutex
 	var headers http.Header
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		mu.Lock()
 		headers = r.Header.Clone()
+		mu.Unlock()
 		_ = json.NewEncoder(w).Encode(map[string]bool{"exists": true})
 	}))
 	defer server.Close()
 
 	c := newReadyTestSandbox(server.URL)
+	c.connector.SetIdentity("my-claim")
+	c.connector.SetPodIP("10.244.0.42")
 	c.connector.mu.Lock()
-	c.connector.sandboxID = "my-claim"
 	c.connector.namespace = "my-ns"
 	c.connector.serverPort = 9999
 	c.connector.mu.Unlock()
@@ -447,14 +451,57 @@ func TestHTTPHeaders_AllSet(t *testing.T) {
 		t.Fatalf("Exists() error: %v", err)
 	}
 
-	if headers.Get(headerSandboxID) != "my-claim" {
-		t.Errorf("wrong %s: %s", headerSandboxID, headers.Get(headerSandboxID))
+	mu.Lock()
+	capturedHeaders := headers.Clone()
+	mu.Unlock()
+
+	if capturedHeaders.Get(headerSandboxID) != "my-claim" {
+		t.Errorf("wrong %s: %s", headerSandboxID, capturedHeaders.Get(headerSandboxID))
 	}
-	if headers.Get(headerSandboxNamespace) != "my-ns" {
-		t.Errorf("wrong %s: %s", headerSandboxNamespace, headers.Get(headerSandboxNamespace))
+	if capturedHeaders.Get(headerSandboxNamespace) != "my-ns" {
+		t.Errorf("wrong %s: %s", headerSandboxNamespace, capturedHeaders.Get(headerSandboxNamespace))
+	}
+	if capturedHeaders.Get(headerSandboxPort) != "9999" {
+		t.Errorf("wrong %s: %s", headerSandboxPort, capturedHeaders.Get(headerSandboxPort))
+	}
+	if capturedHeaders.Get(headerSandboxPodIP) != "10.244.0.42" {
+		t.Errorf("wrong %s: %s", headerSandboxPodIP, capturedHeaders.Get(headerSandboxPodIP))
+	}
+}
+
+func TestHTTPHeaders_PodIPNotSet(t *testing.T) {
+	var mu sync.Mutex
+	var headers http.Header
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		mu.Lock()
+		headers = r.Header.Clone()
+		mu.Unlock()
+		_ = json.NewEncoder(w).Encode(map[string]bool{"exists": true})
+	}))
+	defer server.Close()
+
+	c := newReadyTestSandbox(server.URL)
+	c.connector.SetIdentity("my-claim")
+	c.connector.SetPodIP("")
+	c.connector.mu.Lock()
+	c.connector.namespace = "my-ns"
+	c.connector.serverPort = 9999
+	c.connector.mu.Unlock()
+
+	_, err := c.Exists(context.Background(), "x")
+	if err != nil {
+		t.Fatalf("Exists() error: %v", err)
+	}
+
+	mu.Lock()
+	capturedHeaders := headers.Clone()
+	mu.Unlock()
+
+	if capturedHeaders.Get(headerSandboxID) != "my-claim" {
+		t.Errorf("wrong %s: %s", headerSandboxID, capturedHeaders.Get(headerSandboxID))
 	}
-	if headers.Get(headerSandboxPort) != "9999" {
-		t.Errorf("wrong %s: %s", headerSandboxPort, headers.Get(headerSandboxPort))
+	if _, ok := capturedHeaders[http.CanonicalHeaderKey(headerSandboxPodIP)]; ok {
+		t.Errorf("expected header %s to be absent, but it was present", headerSandboxPodIP)
 	}
 }
 

clients/go/sandbox/ip.go

@@ -0,0 +1,43 @@
+// Copyright 2026 The Kubernetes Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sandbox
+
+import (
+	"net"
+	"strings"
+)
+
+// selectPodIP scans the list of IP addresses, validates them, and returns
+// the normalized/canonical IP address (preferring IPv4 over IPv6).
+// In dual-stack environments, we explicitly prefer IPv4 over IPv6 for the
+// X-Sandbox-Pod-IP header. This is a Go-specific optimization/precedence rule that
+// ensures maximum compatibility with the downstream router's routing handler.
+// If no IPv4 is found, it falls back to the first syntactically valid IP.
+func selectPodIP(ips []string) string {
+	var firstValid string
+	for _, ip := range ips {
+		ip = strings.TrimSpace(ip)
+		parsed := net.ParseIP(ip)
+		if parsed != nil {
+			if parsed.To4() != nil {
+				return parsed.To4().String() // IPv4 has highest precedence; stop scanning.
+			}
+			if firstValid == "" {
+				firstValid = parsed.String()
+			}
+		}
+	}
+	return firstValid
+}

clients/go/sandbox/ip_test.go

@@ -0,0 +1,97 @@
+// Copyright 2026 The Kubernetes Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sandbox
+
+import (
+	"testing"
+)
+
+func TestSelectPodIP(t *testing.T) {
+	cases := []struct {
+		name     string
+		ips      []string
+		expected string
+	}{
+		{
+			name:     "no IPs",
+			ips:      nil,
+			expected: "",
+		},
+		{
+			name:     "single valid IPv4",
+			ips:      []string{"10.244.0.42"},
+			expected: "10.244.0.42",
+		},
+		{
+			name:     "single valid IPv6",
+			ips:      []string{"2001:db8::1"},
+			expected: "2001:db8::1",
+		},
+		{
+			name:     "dual-stack prioritizing IPv4 first",
+			ips:      []string{"10.244.0.42", "2001:db8::1"},
+			expected: "10.244.0.42",
+		},
+		{
+			name:     "dual-stack prioritizing IPv4 when IPv6 is first",
+			ips:      []string{"2001:db8::1", "10.244.0.42"},
+			expected: "10.244.0.42",
+		},
+		{
+			name:     "multiple IPv6 selects first parseable",
+			ips:      []string{"2001:db8::1", "2001:db8::2"},
+			expected: "2001:db8::1",
+		},
+		{
+			name:     "ignores invalid IP and falls back to valid IPv4",
+			ips:      []string{"not-a-valid-ip", "10.244.0.42"},
+			expected: "10.244.0.42",
+		},
+		{
+			name:     "ignores invalid IP and falls back to valid IPv6",
+			ips:      []string{"not-a-valid-ip", "2001:db8::1"},
+			expected: "2001:db8::1",
+		},
+		{
+			name:     "all invalid IPs leaves it empty",
+			ips:      []string{"not-a-valid-ip", "bad-address"},
+			expected: "",
+		},
+		{
+			name:     "normalizes IP address format (IPv4 whitespace)",
+			ips:      []string{"  192.168.1.1  "},
+			expected: "192.168.1.1",
+		},
+		{
+			name:     "normalizes IP address format (IPv6 compression)",
+			ips:      []string{"2001:db8:0:0:0:0:2:1"},
+			expected: "2001:db8::2:1",
+		},
+		{
+			name:     "normalizes IP address format (IPv4-mapped IPv6)",
+			ips:      []string{"::ffff:10.0.0.1"},
+			expected: "10.0.0.1",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			got := selectPodIP(tc.ips)
+			if got != tc.expected {
+				t.Errorf("expected selectPodIP %q, got %q", tc.expected, got)
+			}
+		})
+	}
+}

clients/go/sandbox/k8s.go

@@ -44,6 +44,7 @@ import (
 type sandboxState struct {
 	SandboxName string
 	PodName     string
+	PodIP       string
 	Annotations map[string]string
 }
 
@@ -425,6 +426,7 @@ func extractState(sb *sandboxv1beta1.Sandbox) *sandboxState {
 	} else {
 		state.PodName = sb.Name
 	}
+	state.PodIP = selectPodIP(sb.Status.PodIPs)
 	return state
 }
 

clients/go/sandbox/sandbox.go

@@ -40,6 +40,7 @@ type Sandbox struct {
 	claimName   string
 	sandboxName string
 	podName     string
+	podIP       string
 	annotations map[string]string
 
 	lifecycleSem chan struct{}
@@ -265,6 +266,7 @@ func (s *Sandbox) Open(ctx context.Context) (retErr error) {
 		return s.rollbackOpen(err)
 	}
 	s.setState(state)
+	s.connector.SetPodIP(state.PodIP)
 
 	// Connect transport.
 	if err := s.connector.Connect(openCtx); err != nil {
@@ -327,6 +329,7 @@ func (s *Sandbox) reconnect(ctx context.Context) error {
 	s.setState(state)
 
 	s.connector.SetIdentity(sandboxName)
+	s.connector.SetPodIP(state.PodIP)
 	if err := s.connector.Connect(reconnCtx); err != nil {
 		retErr := fmt.Errorf("sandbox: reconnect transport failed (sandbox is alive; retry Open): %w", err)
 		recordError(span, retErr)
@@ -350,6 +353,7 @@ func (s *Sandbox) rollbackOpen(originalErr error) error {
 	s.mu.Lock()
 	s.sandboxName = ""
 	s.podName = ""
+	s.podIP = ""
 	s.annotations = nil
 	if cleanupErr == nil {
 		s.claimName = ""
@@ -436,6 +440,7 @@ func (s *Sandbox) Close(ctx context.Context) error {
 	s.draining = false
 	s.sandboxName = ""
 	s.podName = ""
+	s.podIP = ""
 	s.annotations = nil
 	if err != nil && s.claimName != "" {
 		s.log.Error(err, "orphaned claim during Close, could not delete; retry Close() to clean up", "claim", s.claimName)
@@ -551,6 +556,12 @@ func (s *Sandbox) PodName() string {
 	return s.podName
 }
 
+func (s *Sandbox) PodIP() string {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return s.podIP
+}
+
 func (s *Sandbox) Annotations() map[string]string {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -593,5 +604,6 @@ func (s *Sandbox) setState(state *sandboxState) {
 	defer s.mu.Unlock()
 	s.sandboxName = state.SandboxName
 	s.podName = state.PodName
+	s.podIP = state.PodIP
 	s.annotations = state.Annotations
 }