mirror of https://github.com/k3s-io/k3s
Updated localhost address on IPv6 only setup
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>pull/5325/head
Roberto Bonafiglia
parent
2285aa699b
commit
dda409b041
|
|
@ -167,7 +167,7 @@ func connect(rootCtx context.Context, waitGroup *sync.WaitGroup, address string,
|
|||
for {
|
||||
remotedialer.ClientConnect(ctx, wsURL, nil, ws, func(proto, address string) bool {
|
||||
host, port, err := net.SplitHostPort(address)
|
||||
return err == nil && proto == "tcp" && ports[port] && host == "127.0.0.1"
|
||||
return err == nil && proto == "tcp" && ports[port] && (host == "127.0.0.1" || host == "::1")
|
||||
}, func(_ context.Context) error {
|
||||
if waitGroup != nil {
|
||||
once.Do(waitGroup.Done)
|
||||
|
|
|
|||
|
|
@ -462,6 +462,8 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
|
|||
if IPv6only {
|
||||
ip = "[::1]"
|
||||
}
|
||||
} else if utilsnet.IsIPv6String(ip) {
|
||||
ip = fmt.Sprintf("[%s]", ip)
|
||||
}
|
||||
|
||||
url := fmt.Sprintf("https://%s:%d", ip, serverConfig.ControlConfig.SupervisorPort)
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
|
|
@ -22,6 +23,7 @@ import (
|
|||
"github.com/rancher/wrangler/pkg/generated/controllers/core"
|
||||
"github.com/sirupsen/logrus"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
// newListener returns a new TCP listener and HTTP request handler using dynamiclistener.
|
||||
|
|
@ -35,7 +37,11 @@ func (c *Cluster) newListener(ctx context.Context) (net.Listener, http.Handler,
|
|||
os.Remove(filepath.Join(c.config.DataDir, "tls/dynamic-cert.json"))
|
||||
}
|
||||
}
|
||||
tcp, err := dynamiclistener.NewTCPListener(c.config.BindAddress, c.config.SupervisorPort)
|
||||
ip := c.config.BindAddress
|
||||
if utilsnet.IsIPv6String(ip) {
|
||||
ip = fmt.Sprintf("[%s]", ip)
|
||||
}
|
||||
tcp, err := dynamiclistener.NewTCPListener(ip, c.config.SupervisorPort)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import (
|
|||
"github.com/k3s-io/k3s/pkg/daemons/config"
|
||||
"github.com/k3s-io/k3s/pkg/passwd"
|
||||
"github.com/k3s-io/k3s/pkg/token"
|
||||
"github.com/k3s-io/k3s/pkg/util"
|
||||
"github.com/k3s-io/k3s/pkg/version"
|
||||
certutil "github.com/rancher/dynamiclistener/cert"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
|
@ -305,7 +306,15 @@ func genClientCerts(config *config.Control) error {
|
|||
factory := getSigningCertFactory(regen, nil, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, runtime.ClientCA, runtime.ClientCAKey)
|
||||
|
||||
var certGen bool
|
||||
apiEndpoint := fmt.Sprintf("https://127.0.0.1:%d", config.APIServerPort)
|
||||
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(config.ServiceIPRanges)
|
||||
ip := ""
|
||||
if IPv6OnlyService {
|
||||
ip = "[::1]"
|
||||
} else {
|
||||
ip = "127.0.0.1"
|
||||
}
|
||||
apiEndpoint := fmt.Sprintf("https://%s:%d", ip, config.APIServerPort)
|
||||
|
||||
certGen, err = factory("system:admin", []string{"system:masters"}, runtime.ClientAdminCert, runtime.ClientAdminKey)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -31,7 +31,13 @@ import (
|
|||
_ "k8s.io/component-base/metrics/prometheus/restclient"
|
||||
)
|
||||
|
||||
var localhostIP = net.ParseIP("127.0.0.1")
|
||||
func getLocalhostIP(serviceCIDR []*net.IPNet) net.IP {
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(serviceCIDR)
|
||||
if IPv6OnlyService {
|
||||
return net.ParseIP("::1")
|
||||
}
|
||||
return net.ParseIP("127.0.0.1")
|
||||
}
|
||||
|
||||
func Server(ctx context.Context, cfg *config.Control) error {
|
||||
rand.Seed(time.Now().UTC().UnixNano())
|
||||
|
|
@ -95,7 +101,7 @@ func controllerManager(ctx context.Context, cfg *config.Control) error {
|
|||
"cluster-cidr": util.JoinIPNets(cfg.ClusterIPRanges),
|
||||
"root-ca-file": runtime.ServerCA,
|
||||
"profiling": "false",
|
||||
"bind-address": localhostIP.String(),
|
||||
"bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(),
|
||||
"secure-port": "10257",
|
||||
"use-service-account-credentials": "true",
|
||||
"cluster-signing-kube-apiserver-client-cert-file": runtime.ClientCA,
|
||||
|
|
@ -127,7 +133,7 @@ func scheduler(ctx context.Context, cfg *config.Control) error {
|
|||
"kubeconfig": runtime.KubeConfigScheduler,
|
||||
"authorization-kubeconfig": runtime.KubeConfigScheduler,
|
||||
"authentication-kubeconfig": runtime.KubeConfigScheduler,
|
||||
"bind-address": localhostIP.String(),
|
||||
"bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(),
|
||||
"secure-port": "10259",
|
||||
"profiling": "false",
|
||||
}
|
||||
|
|
@ -164,7 +170,7 @@ func apiServer(ctx context.Context, cfg *config.Control) error {
|
|||
argsMap["insecure-port"] = "0"
|
||||
argsMap["secure-port"] = strconv.Itoa(cfg.APIServerPort)
|
||||
if cfg.APIServerBindAddress == "" {
|
||||
argsMap["bind-address"] = localhostIP.String()
|
||||
argsMap["bind-address"] = getLocalhostIP(cfg.ServiceIPRanges).String()
|
||||
} else {
|
||||
argsMap["bind-address"] = cfg.APIServerBindAddress
|
||||
}
|
||||
|
|
@ -297,7 +303,7 @@ func cloudControllerManager(ctx context.Context, cfg *config.Control) error {
|
|||
"authorization-kubeconfig": runtime.KubeConfigCloudController,
|
||||
"authentication-kubeconfig": runtime.KubeConfigCloudController,
|
||||
"node-status-update-frequency": "1m0s",
|
||||
"bind-address": "127.0.0.1",
|
||||
"bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(),
|
||||
"port": "0",
|
||||
}
|
||||
if cfg.NoLeaderElect {
|
||||
|
|
|
|||
|
|
@ -134,6 +134,13 @@ func NewETCD() *ETCD {
|
|||
}
|
||||
}
|
||||
|
||||
func getLocalhostAddress(address string) string {
|
||||
if utilsnet.IsIPv6String(address) {
|
||||
return "[::1]"
|
||||
}
|
||||
return "127.0.0.1"
|
||||
}
|
||||
|
||||
// EndpointName returns the name of the endpoint.
|
||||
func (e *ETCD) EndpointName() string {
|
||||
return "etcd"
|
||||
|
|
@ -744,7 +751,7 @@ func (e *ETCD) clientURL() string {
|
|||
|
||||
// metricsURL returns the metrics access address
|
||||
func (e *ETCD) metricsURL(expose bool) string {
|
||||
address := "http://127.0.0.1:2381"
|
||||
address := fmt.Sprintf("http://%s:2381", getLocalhostAddress(e.address))
|
||||
if expose {
|
||||
if utilsnet.IsIPv6String(e.address) {
|
||||
address = fmt.Sprintf("https://[%s]:2381,%s", e.address, address)
|
||||
|
|
@ -761,7 +768,7 @@ func (e *ETCD) cluster(ctx context.Context, forceNew bool, options executor.Init
|
|||
Name: e.name,
|
||||
InitialOptions: options,
|
||||
ForceNewCluster: forceNew,
|
||||
ListenClientURLs: e.clientURL() + ",https://127.0.0.1:2379",
|
||||
ListenClientURLs: e.clientURL() + "," + fmt.Sprintf("http://%s:2379", getLocalhostAddress(e.address)),
|
||||
ListenMetricsURLs: e.metricsURL(e.config.EtcdExposeMetrics),
|
||||
ListenPeerURLs: e.peerURL(),
|
||||
AdvertiseClientURLs: e.clientURL(),
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import (
|
|||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/net"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -91,7 +92,12 @@ func StartServer(ctx context.Context, config *Config, cfg *cmds.Server) error {
|
|||
if err == nil {
|
||||
ip = hostIP
|
||||
} else {
|
||||
ip = net2.ParseIP("127.0.0.1")
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(config.ControlConfig.ServiceIPRanges)
|
||||
if IPv6OnlyService {
|
||||
ip = net2.ParseIP("::1")
|
||||
} else {
|
||||
ip = net2.ParseIP("127.0.0.1")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -333,7 +339,12 @@ func printTokens(advertiseIP string, config *config.Control) error {
|
|||
)
|
||||
|
||||
if advertiseIP == "" {
|
||||
advertiseIP = "127.0.0.1"
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(config.ServiceIPRanges)
|
||||
if IPv6OnlyService {
|
||||
advertiseIP = "::1"
|
||||
} else {
|
||||
advertiseIP = "127.0.0.1"
|
||||
}
|
||||
}
|
||||
|
||||
if len(config.Runtime.ServerToken) > 0 {
|
||||
|
|
@ -365,12 +376,24 @@ func printTokens(advertiseIP string, config *config.Control) error {
|
|||
func writeKubeConfig(certs string, config *Config) error {
|
||||
ip := config.ControlConfig.BindAddress
|
||||
if ip == "" {
|
||||
ip = "127.0.0.1"
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(config.ControlConfig.ServiceIPRanges)
|
||||
if IPv6OnlyService {
|
||||
ip = "[::1]"
|
||||
} else {
|
||||
ip = "127.0.0.1"
|
||||
}
|
||||
} else if utilsnet.IsIPv6String(ip) {
|
||||
ip = fmt.Sprintf("[%s]", ip)
|
||||
}
|
||||
port := config.ControlConfig.HTTPSPort
|
||||
// on servers without a local apiserver, tunnel access via the loadbalancer
|
||||
if config.ControlConfig.DisableAPIServer {
|
||||
ip = "127.0.0.1"
|
||||
IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(config.ControlConfig.ServiceIPRanges)
|
||||
if IPv6OnlyService {
|
||||
ip = "[::1]"
|
||||
} else {
|
||||
ip = "127.0.0.1"
|
||||
}
|
||||
port = config.ControlConfig.APIServerPort
|
||||
}
|
||||
url := fmt.Sprintf("https://%s:%d", ip, port)
|
||||
|
|
@ -454,6 +477,8 @@ func printToken(httpsPort int, advertiseIP, prefix, cmd string) {
|
|||
logrus.Errorf("Failed to choose interface: %v", err)
|
||||
}
|
||||
ip = hostIP.String()
|
||||
} else if utilsnet.IsIPv6String(ip) {
|
||||
ip = fmt.Sprintf("[%s]", ip)
|
||||
}
|
||||
|
||||
logrus.Infof("%s %s %s -s https://%s:%d -t ${NODE_TOKEN}", prefix, version.Program, cmd, ip, httpsPort)
|
||||
|
|
|
|||
Loading…
Reference in New Issue