Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use localhost in admin kubeconfig again, if possible #5426

Merged
merged 1 commit into from
Jan 14, 2025
Merged

Use localhost in admin kubeconfig again, if possible #5426

merged 1 commit into from
Jan 14, 2025

Conversation

twz123
Copy link
Member

@twz123 twz123 commented Jan 9, 2025

Description

If the API server is binding to all addresses, it's better to use the loopback interface to communicate with the API server locally. This avoids e.g. weird HTTP proxy problems.

See:

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

  • Manual test
  • Auto test added

Checklist:

  • My code follows the style guidelines of this project
  • My commit messages are signed-off
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@twz123
Use localhost in admin kubeconfig again, if possible
93b9f4c 
If the API server is binding to all addresses, it's better to use the
loopback interface to communicate with the API server locally. This
avoids e.g. weird HTTP proxy problems.

See: a759281 ("replace BindAddress by Address and OnlyBindToAddress")
See: 548dc41 ("Add spec.api.bindAddress configuration")
Signed-off-by: Tom Wieczorek <[email protected]>
@twz123 twz123 added bug Something isn't working area/controlplane labels Jan 9, 2025
@twz123 twz123 marked this pull request as ready for review January 10, 2025 09:29
@twz123 twz123 requested review from a team as code owners January 10, 2025 09:29
@twz123 twz123 requested review from ncopa and makhov January 10, 2025 09:29
@twz123 twz123 added the backport/release-1.31 PR that needs to be backported/cherrypicked to the release-1.31 branch label Jan 10, 2025
jnummelin
jnummelin reviewed Jan 10, 2025
View reviewed changes
pkg/apis/k0s/v1beta1/api.go
if a.OnlyBindToAddress {
host = net.JoinHostPort(a.Address, strconv.Itoa(a.Port))
} else {
host = fmt.Sprintf("localhost:%d", a.Port)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use net.JoinHostPort in this case too?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could, but we don't need to. JoinHostPort is only necessary if the host may be an IPv6 address, which, in this case, it isn't. Would you prefer to use it anyways?

ncopa
ncopa reviewed Jan 14, 2025
View reviewed changes
pkg/apis/k0s/v1beta1/api.go
Comment on lines +77 to +84
var host string
if a.OnlyBindToAddress {
host = net.JoinHostPort(a.Address, strconv.Itoa(a.Port))
} else {
host = fmt.Sprintf("localhost:%d", a.Port)
}

return &url.URL{Scheme: "https", Host: host}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't matter, but....

Suggested change
var host string
if a.OnlyBindToAddress {
host = net.JoinHostPort(a.Address, strconv.Itoa(a.Port))
} else {
host = fmt.Sprintf("localhost:%d", a.Port)
}
return &url.URL{Scheme: "https", Host: host}
host := "localhost"
if a.OnlyBindToAddress {
host = a.Address
}
return &url.URL{Scheme: "https", Host: net.JoinHostPort(host, strconv.Itoa(a.Port))}

@twz123 twz123 merged commit d71ff7b into k0sproject:main Jan 14, 2025
95 checks passed
@twz123 twz123 deleted the admin-kubeconfig-localhost branch January 14, 2025 11:02
@k0s-bot
Copy link

k0s-bot commented Jan 14, 2025

Backport failed for release-1.31, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-1.31
git worktree add -d .worktree/backport-5426-to-release-1.31 origin/release-1.31
cd .worktree/backport-5426-to-release-1.31
git switch --create backport-5426-to-release-1.31
git cherry-pick -x 93b9f4ccc221af159d0e978c13fe9f37dfffb49b

@twz123 twz123 mentioned this pull request Jan 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnummelin jnummelin jnummelin left review comments

@ncopa ncopa ncopa approved these changes

@makhov makhov Awaiting requested review from makhov makhov is a code owner automatically assigned from k0sproject/k0s-maintainers

Assignees
No one assigned
Labels
area/controlplane backport/release-1.31 PR that needs to be backported/cherrypicked to the release-1.31 branch bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@twz123 @k0s-bot @ncopa @jnummelin