mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
apiserver: add SecureServingOptions.ExternalAddress
Before this the advertised IP (which shows up in the server cert) in case of listening to loopback was the first host interface IP. This makes self-signed certs non-constant, such that we cannot use fixtures.
This commit is contained in:
parent
7deccb5b7a
commit
c1c564fd4d
@ -118,6 +118,7 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo
|
||||
return result, fmt.Errorf("failed to create listener: %v", err)
|
||||
}
|
||||
s.SecureServing.ServerCert.CertDirectory = result.TmpDir
|
||||
s.SecureServing.ExternalAddress = s.SecureServing.Listener.Addr().(*net.TCPAddr).IP // use listener addr although it is a loopback device
|
||||
|
||||
_, thisFile, _, ok := runtime.Caller(0)
|
||||
if !ok {
|
||||
|
@ -42,6 +42,9 @@ type SecureServingOptions struct {
|
||||
BindNetwork string
|
||||
// Required set to true means that BindPort cannot be zero.
|
||||
Required bool
|
||||
// ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this
|
||||
// is set to BindAddress if the later no loopback, or to the first host interface address.
|
||||
ExternalAddress net.IP
|
||||
|
||||
// Listener is the secure server network listener.
|
||||
// either Listener or BindAddress/BindPort/BindNetwork is set,
|
||||
@ -99,6 +102,9 @@ func NewSecureServingOptions() *SecureServingOptions {
|
||||
}
|
||||
|
||||
func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) {
|
||||
if !s.ExternalAddress.IsUnspecified() {
|
||||
return s.ExternalAddress, nil
|
||||
}
|
||||
return utilnet.ChooseBindAddress(s.BindAddress)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user