From e32f380fa5df4361894570787814d0459baada93 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Wed, 4 Jul 2018 17:01:49 +0200 Subject: [PATCH] apiserver: get rid of ReadWritePort in config --- pkg/master/controller.go | 7 +++- .../src/k8s.io/apiserver/pkg/server/config.go | 39 +++++++++++++------ .../server/options/serving_with_loopback.go | 2 - 3 files changed, 34 insertions(+), 14 deletions(-) diff --git a/pkg/master/controller.go b/pkg/master/controller.go index ac5a86db1b6..466209195f8 100644 --- a/pkg/master/controller.go +++ b/pkg/master/controller.go @@ -79,6 +79,11 @@ type Controller struct { // NewBootstrapController returns a controller for watching the core capabilities of the master func (c *completedConfig) NewBootstrapController(legacyRESTStorage corerest.LegacyRESTStorage, serviceClient coreclient.ServicesGetter, nsClient coreclient.NamespacesGetter, eventClient coreclient.EventsGetter) *Controller { + _, publicServicePort, err := c.GenericConfig.SecureServing.HostPort() + if err != nil { + glog.Fatalf("failed to get listener address: %v", err) + } + return &Controller{ ServiceClient: serviceClient, NamespaceClient: nsClient, @@ -104,7 +109,7 @@ func (c *completedConfig) NewBootstrapController(legacyRESTStorage corerest.Lega ServicePort: c.ExtraConfig.APIServerServicePort, ExtraServicePorts: c.ExtraConfig.ExtraServicePorts, ExtraEndpointPorts: c.ExtraConfig.ExtraEndpointPorts, - PublicServicePort: c.GenericConfig.ReadWritePort, + PublicServicePort: publicServicePort, KubernetesServiceNodePort: c.ExtraConfig.KubernetesServiceNodePort, } } diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go index 5097a98b62b..43fb57cd468 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/config.go +++ b/staging/src/k8s.io/apiserver/pkg/server/config.go 
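Review bot: In pkg/master/controller.go, NewBootstrapController now terminates the process with `glog.Fatalf` when `SecureServing.HostPort()` fails, and the constructor has no error return a caller could handle; the same pattern is added to `Config.Complete` in config.go. HostPort returns an error when `SecureServing` or its `Listener` is nil, so this constructor now depends on the secure listener already being bound, which the removed `ReadWritePort` field did not require. The published service port also becomes whatever the listener reports rather than a configured value. A comment above the call would make both explicit, e.g. `// requires a bound SecureServing listener; PublicServicePort is the listener's actual port`. The function body continues outside the hunk.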
@@ -181,9 +181,6 @@ type Config struct { // values below here are targets for removal //=========================================================================== - // The port on PublicAddress where a read-write server will be installed. - // Defaults to 6443 if not set. - ReadWritePort int // PublicAddress is the IP address where members of the cluster (kubelet, // kube-proxy, services, etc.) can reach the GenericAPIServer. // If nil or 0.0.0.0, the host's default interface will be used. @@ -250,7 +247,6 @@ type AuthorizationInfo struct { func NewConfig(codecs serializer.CodecFactory) *Config { return &Config{ Serializer: codecs, - ReadWritePort: 443, BuildHandlerChainFunc: DefaultBuildHandlerChain, HandlerChainWaitGroup: new(utilwaitgroup.SafeWaitGroup), LegacyAPIGroupPrefixes: sets.NewString(DefaultLegacyAPIPrefix), 
@@ -354,16 +350,21 @@ type CompletedConfig struct { // Complete fills in any fields not set that are required to have valid data and can be derived // from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver. func (c *Config) Complete(informers informers.SharedInformerFactory) CompletedConfig { - host := c.ExternalAddress - if host == "" && c.PublicAddress != nil { - host = c.PublicAddress.String() + if len(c.ExternalAddress) == 0 && c.PublicAddress != nil { + c.ExternalAddress = c.PublicAddress.String() } - // if there is no port, and we have a ReadWritePort, use that - if _, _, err := net.SplitHostPort(host); err != nil && c.ReadWritePort != 0 { - host = net.JoinHostPort(host, strconv.Itoa(c.ReadWritePort)) + // if there is no port, and we listen on one securely, use that one + if _, _, err := net.SplitHostPort(c.ExternalAddress); err != nil { + if c.SecureServing == nil { + glog.Fatalf("cannot derive external address port without listening on a secure port.") + } + _, port, err := c.SecureServing.HostPort() + if err != nil { + glog.Fatalf("cannot derive external address from the secure port: %v", err) + } + c.ExternalAddress = net.JoinHostPort(c.ExternalAddress, strconv.Itoa(port)) } - c.ExternalAddress = host if c.OpenAPIConfig != nil && c.OpenAPIConfig.SecurityDefinitions != nil { // Setup OpenAPI security: all APIs will have the same authentication for now. 
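Review bot: In `Complete`, every error from `net.SplitHostPort(c.ExternalAddress)` is treated as "port missing", so a malformed address (not only a bare host) also gets the listener port appended and is written back to `c.ExternalAddress` with no further check in this hunk. Re-parsing the joined value would catch that: `if _, _, err := net.SplitHostPort(c.ExternalAddress); err != nil { glog.Fatalf("invalid external address %q: %v", c.ExternalAddress, err) }` placed after the `JoinHostPort` line. The inner `_, port, err :=` also shadows the `err` from the `if` initializer; a distinct name would read more clearly. The body of Complete continues past the hunk.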
@@ -615,3 +616,19 @@ func NewRequestInfoResolver(c *Config) *apirequest.RequestInfoFactory { GrouplessAPIPrefixes: legacyAPIPrefixes, } } + +func (s *SecureServingInfo) HostPort() (string, int, error) { + if s == nil || s.Listener == nil { + return "", 0, fmt.Errorf("no listener found") + } + addr := s.Listener.Addr().String() + host, portStr, err := net.SplitHostPort(addr) + if err != nil { + return "", 0, fmt.Errorf("failed to get port from listener address %q: %v", addr, err) + } + port, err := strconv.Atoi(portStr) + if err != nil { + return "", 0, fmt.Errorf("invalid non-numeric port %q", portStr) + } + return host, port, nil +} diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go index 8d249cb54b4..dd6e0e1a7f5 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go @@ -48,8 +48,6 @@ func (s *SecureServingOptionsWithLoopback) ApplyTo(c *server.Config) error { return nil } - c.ReadWritePort = s.BindPort - // create self-signed cert+key with the fake server.LoopbackClientServerNameOverride and // let the server return it when the loopback client connects. certPem, keyPem, err := certutil.GenerateSelfSignedCertKey(server.LoopbackClientServerNameOverride, nil, nil)
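Review bot: The new exported method `(*SecureServingInfo).HostPort` in config.go has no doc comment, and its contract matters to the callers that publish the result: it reports the address taken from `s.Listener.Addr()`, which may be a wildcard host or an OS-assigned port rather than a configured value. Suggested comment: `// HostPort returns the host and port of the bound secure listener, or an error if there is no listener or its address is not host:port.` The `strconv.Atoi` error is dropped from the last message; `fmt.Errorf("invalid non-numeric port %q: %v", portStr, err)` would keep the cause.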