From d2555741505a13285dba920715460804c2689d6f Mon Sep 17 00:00:00 2001
From: galal-hussein
Date: Sun, 31 Mar 2019 02:10:23 +0200
Subject: [PATCH 1/2] Add bind address server config
---
 pkg/cli/cmds/server.go | 6 ++++++
 pkg/cli/server/server.go | 8 ++++++--
 pkg/server/server.go | 16 ++++++++++++----
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go
index fc860e81bdf..7a9ac82fa71 100644
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@@ -17,6 +17,7 @@ type Server struct {
 KubeConfigOutput string
 KubeConfigMode string
 KnownIPs cli.StringSlice
+ BindAddress string
 }
 var ServerConfig Server
@@ -28,6 +29,11 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command {
 UsageText: appName + " server [OPTIONS]",
 Action: action,
 Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "bind-address",
+ Usage: "k3s bind address",
+ Destination: &ServerConfig.BindAddress,
+ },
 cli.IntFlag{
 Name: "https-listen-port",
 Usage: "HTTPS listen port",
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index 23606ddeb92..3be5dbfae47 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@@ -78,6 +78,7 @@ func run(app *cli.Context, cfg *cmds.Server) error {
 serverConfig.TLSConfig.HTTPSPort = cfg.HTTPSPort
 serverConfig.TLSConfig.HTTPPort = cfg.HTTPPort
 serverConfig.TLSConfig.KnownIPs = knownIPs(cfg.KnownIPs)
+ serverConfig.TLSConfig.BindAddress = cfg.BindAddress
 _, serverConfig.ControlConfig.ClusterIPRange, err = net2.ParseCIDR(cfg.ClusterCIDR)
 if err != nil {
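Review bot: The usage string `k3s bind address` on the new `bind-address` flag (pkg/cli/cmds/server.go, hunk at -28) does not say what form the value takes or what leaving it empty means. From the rest of the series the value is parsed with `ParseIP`, and an empty value reaches the vendored `newListener` as `":<port>"`, so the server listens on every interface by default. Suggested wording: `Usage: "IP address the k3s server listens on (default: all interfaces)",`. The `Flags` list continues outside the hunk.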
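Review bot: `cfg.BindAddress` is copied into `serverConfig.TLSConfig.BindAddress` unchecked (pkg/cli/server/server.go, hunk at -78), and a value that is not an IP literal is then handled inconsistently: `StartServer` and the vendored `userConfigure` quietly skip it when `ParseIP` returns nil, while the listener address and the kubeconfig and agent URLs still use the raw string. If hostnames are not meant to be accepted, failing fast here keeps the listener, the known-IP set (`s.ips`) and the advertised address in agreement: `if cfg.BindAddress != "" && net2.ParseIP(cfg.BindAddress) == nil { return fmt.Errorf("invalid bind-address %q", cfg.BindAddress) }`. `run` begins and ends outside the hunk.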
@@ -133,8 +134,11 @@ func run(app *cli.Context, cfg *cmds.Server) error {
 <-ctx.Done()
 return nil
 }
-
- url := fmt.Sprintf("https://localhost:%d", serverConfig.TLSConfig.HTTPSPort)
+ ip := serverConfig.TLSConfig.BindAddress
+ if ip == "" {
+ ip = "localhost"
+ }
+ url := fmt.Sprintf("https://%s:%d", ip, serverConfig.TLSConfig.HTTPSPort)
 token := server.FormatToken(serverConfig.ControlConfig.Runtime.NodeToken, certs)
 agentConfig := cmds.AgentConfig
diff --git a/pkg/server/server.go b/pkg/server/server.go
index dad051ce0d7..7b04868035e 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -49,6 +49,7 @@ func resolveDataDir(dataDir string) (string, error) {
 }
 func StartServer(ctx context.Context, config *Config) (string, error) {
+
 if err := setupDataDirAndChdir(&config.ControlConfig); err != nil {
 return "", err
 }
@@ -62,9 +63,12 @@ func StartServer(ctx context.Context, config *Config) (string, error) {
 return "", errors.Wrap(err, "starting tls server")
 }
- ip, err := net.ChooseHostInterface()
- if err != nil {
- ip = net2.ParseIP("127.0.0.1")
+ ip := net2.ParseIP(config.TLSConfig.BindAddress)
+ if ip == nil {
+ ip, err = net.ChooseHostInterface()
+ if err != nil {
+ ip = net2.ParseIP("127.0.0.1")
+ }
 }
 printTokens(certs, ip.String(), &config.TLSConfig, &config.ControlConfig)
@@ -192,7 +196,11 @@ func printTokens(certs, advertiseIP string, tlsConfig *dynamiclistener.UserConfi
 func writeKubeConfig(certs string, tlsConfig *dynamiclistener.UserConfig, config *config.Control) {
 clientToken := FormatToken(config.Runtime.ClientToken, certs)
- url := fmt.Sprintf("https://localhost:%d", tlsConfig.HTTPSPort)
+ ip := tlsConfig.BindAddress
+ if ip == "" {
+ ip = "localhost"
+ }
+ url := fmt.Sprintf("https://%s:%d", ip, tlsConfig.HTTPSPort)
 kubeConfig, err := HomeKubeConfig(true)
 def := true
 if err != nil {
From 4591faf859968649f701c317fafd7f4ee40419af Mon Sep 17 00:00:00 2001
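Review bot: The agent URL built in `run` (pkg/cli/server/server.go, hunk at -133) is malformed when the bind address is an IPv6 literal, because `fmt.Sprintf("https://%s:%d", ip, ...)` does not bracket the host (for example `https://::1:<port>`). `url := "https://" + net2.JoinHostPort(ip, strconv.Itoa(serverConfig.TLSConfig.HTTPSPort))` is correct for both address families; `strconv` would need importing if the file does not already have it. The same formatting is added in `writeKubeConfig` (pkg/server/server.go, hunk at -192) and, as `"%s:%d"`, in the vendored `newListener`. Both `run` and `writeKubeConfig` extend beyond their hunks.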
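Review bot: In `StartServer` (pkg/server/server.go, hunk at -62) a wildcard bind address such as `0.0.0.0` or `::` parses successfully, so it is handed to `printTokens` as the advertise IP, which is not an address another node can join on. Treating the unspecified address like the empty case restores the previous interface selection: `if ip == nil || ip.IsUnspecified() {`. The `ip == ""` checks added in `writeKubeConfig` and in `run` fall back to `localhost` only for the empty string and would need the same treatment. `StartServer` continues outside the hunk.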
From: galal-hussein
Date: Sun, 31 Mar 2019 11:41:42 +0200
Subject: [PATCH 2/2] Vendor Update
---
 vendor.conf | 2 +-
 .../norman/pkg/dynamiclistener/server.go | 17 ++++++++++-------
 .../rancher/norman/pkg/dynamiclistener/types.go | 15 ++++++++-------
 .../rancher/norman/pkg/resolvehome/home.go | 5 +++++
 4 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/vendor.conf b/vendor.conf
index 26e1cf15f0b..5c50d53b5fc 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -11,7 +11,7 @@ package=github.com/opencontainers/runc/contrib/cmd/recvtty
 k8s.io/kubernetes v1.13.5-k3s.1 https://github.com/rancher/k3s.git transitive=true,staging=true
-github.com/rancher/norman f75e3607e96e1a5d3cbaf4ee7cea1459cc727f61 https://github.com/ibuildthecloud/norman.git
+github.com/rancher/norman efb72b594a2a34f2573b9565c6cd9926a1f6ae08 https://github.com/ibuildthecloud/norman.git
 github.com/coreos/flannel 823afe66b2266bf71f5bec24e6e28b26d70cfc7c https://github.com/ibuildthecloud/flannel.git
 github.com/natefinch/lumberjack aee4629129445bbdfb69aa565537dcfa16544311
 github.com/gorilla/mux v1.6.2
diff --git a/vendor/github.com/rancher/norman/pkg/dynamiclistener/server.go b/vendor/github.com/rancher/norman/pkg/dynamiclistener/server.go
index 83d39b5ef1b..915e75da46e 100644
--- a/vendor/github.com/rancher/norman/pkg/dynamiclistener/server.go
+++ b/vendor/github.com/rancher/norman/pkg/dynamiclistener/server.go
@@ -196,7 +196,10 @@ func (s *server) userConfigure() error {
 s.ips.Add(ip, netIP)
 }
 }
-
+ bindAddress := net.ParseIP(s.userConfig.BindAddress)
+ if bindAddress != nil {
+ s.ips.Add(s.userConfig.BindAddress, bindAddress)
+ }
 return nil
 }
@@ -445,7 +448,7 @@ func (s *server) serveHTTPS() error {
 PreferServerCipherSuites: true,
 }
- listener, err := s.newListener(s.userConfig.HTTPSPort, conf)
+ listener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPSPort, conf)
 if err != nil {
 return err
 }
@@ -460,7 +463,7 @@ func (s *server) serveHTTPS() error {
 s.startServer(listener, server)
 if s.userConfig.HTTPPort > 0 {
- httpListener, err := s.newListener(s.userConfig.HTTPPort, nil)
+ httpListener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPPort, nil)
 if err != nil {
 return err
 }
@@ -524,8 +527,8 @@ func (s *server) Handler() http.Handler {
 return s.userConfig.Handler
 }
-func (s *server) newListener(port int, config *tls.Config) (net.Listener, error) {
- addr := fmt.Sprintf(":%d", port)
+func (s *server) newListener(ip string, port int, config *tls.Config) (net.Listener, error) {
+ addr := fmt.Sprintf("%s:%d", ip, port)
 l, err := net.Listen("tcp", addr)
 if err != nil {
 return nil, err
@@ -561,7 +564,7 @@ func (s *server) serveACME() error {
 }
 if s.userConfig.HTTPPort > 0 {
- httpListener, err := s.newListener(s.userConfig.HTTPPort, nil)
+ httpListener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPPort, nil)
 if err != nil {
 return err
 }
@@ -579,7 +582,7 @@ func (s *server) serveACME() error {
 }
- httpsListener, err := s.newListener(s.userConfig.HTTPSPort, conf)
+ httpsListener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPSPort, conf)
 if err != nil {
 return err
 }
diff --git a/vendor/github.com/rancher/norman/pkg/dynamiclistener/types.go b/vendor/github.com/rancher/norman/pkg/dynamiclistener/types.go
index 92a891d4f66..a57939b6366 100644
--- a/vendor/github.com/rancher/norman/pkg/dynamiclistener/types.go
+++ b/vendor/github.com/rancher/norman/pkg/dynamiclistener/types.go
@@ -26,13 +26,14 @@ type UserConfig struct {
 // Optional fields
- KnownIPs []string
- Domains []string
- Mode string
- NoCACerts bool
- CACerts string
- Cert string
- Key string
+ KnownIPs []string
+ Domains []string
+ Mode string
+ NoCACerts bool
+ CACerts string
+ Cert string
+ Key string
+ BindAddress string
 }
 type ListenerStatus struct {
diff --git a/vendor/github.com/rancher/norman/pkg/resolvehome/home.go b/vendor/github.com/rancher/norman/pkg/resolvehome/home.go
index cf189d12deb..cc96d6a44c3 100644
--- a/vendor/github.com/rancher/norman/pkg/resolvehome/home.go
+++ b/vendor/github.com/rancher/norman/pkg/resolvehome/home.go
@@ -27,6 +27,11 @@ func Resolve(s string) (string, error) {
 }
 func getHomeDir() (string, error) {
+ home := os.Getenv("HOME")
+ if home != "" {
+ return home, nil
+ }
+
 if os.Getuid() == 0 {
 return "/root", nil
 }