diff --git a/cmd/kube-apiserver/app/testing/testserver.go b/cmd/kube-apiserver/app/testing/testserver.go index faabbe4bae1..628ccdefd30 100644 --- a/cmd/kube-apiserver/app/testing/testserver.go +++ b/cmd/kube-apiserver/app/testing/testserver.go @@ -118,6 +118,7 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo return result, fmt.Errorf("failed to create listener: %v", err) } s.SecureServing.ServerCert.CertDirectory = result.TmpDir + s.SecureServing.ExternalAddress = s.SecureServing.Listener.Addr().(*net.TCPAddr).IP // use listener addr although it is a loopback device _, thisFile, _, ok := runtime.Caller(0) if !ok { diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go index a7dc317ee96..96bd9fb8cc7 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go @@ -42,6 +42,9 @@ type SecureServingOptions struct { BindNetwork string // Required set to true means that BindPort cannot be zero. Required bool + // ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this + // is set to BindAddress if the later no loopback, or to the first host interface address. + ExternalAddress net.IP // Listener is the secure server network listener. // either Listener or BindAddress/BindPort/BindNetwork is set, @@ -99,6 +102,9 @@ func NewSecureServingOptions() *SecureServingOptions { } func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) { + if !s.ExternalAddress.IsUnspecified() { + return s.ExternalAddress, nil + } return utilnet.ChooseBindAddress(s.BindAddress) }