apiserver: add SecureServingOptions.ExternalAddress

Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.
This commit is contained in:
Dr. Stefan Schimanski 2018-07-06 12:32:01 +02:00
parent 7deccb5b7a
commit c1c564fd4d
2 changed files with 7 additions and 0 deletions

View File

@ -118,6 +118,7 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo
return result, fmt.Errorf("failed to create listener: %v", err)
}
s.SecureServing.ServerCert.CertDirectory = result.TmpDir
s.SecureServing.ExternalAddress = s.SecureServing.Listener.Addr().(*net.TCPAddr).IP // use listener addr although it is a loopback device
_, thisFile, _, ok := runtime.Caller(0)
if !ok {

View File

@ -42,6 +42,9 @@ type SecureServingOptions struct {
BindNetwork string
// Required set to true means that BindPort cannot be zero.
Required bool
// ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this
// is set to BindAddress if the later no loopback, or to the first host interface address.
ExternalAddress net.IP
// Listener is the secure server network listener.
// either Listener or BindAddress/BindPort/BindNetwork is set,
@ -99,6 +102,9 @@ func NewSecureServingOptions() *SecureServingOptions {
}
func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) {
if !s.ExternalAddress.IsUnspecified() {
return s.ExternalAddress, nil
}
return utilnet.ChooseBindAddress(s.BindAddress)
}