Ensure that loopback is used for the advertised address when resetting

Signed-off-by: Brad Davidson <[email protected]>
brandond · Apr 4, 2023 · b010db0 · b010db0
1 parent 877247a
commit b010db0
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go
@@ -182,7 +182,7 @@ func (e *ETCD) SetControlConfig(ctx context.Context, config *config.Control) err
 		e.client.Close()
 	}()
 
-	address, err := GetAdvertiseAddress(config.PrivateIP)
+	address, err := getAdvertiseAddress(config.PrivateIP)
 	if err != nil {
 		return err
 	}
@@ -537,7 +537,7 @@ func (e *ETCD) Register(ctx context.Context, config *config.Control, handler htt
 		e.client.Close()
 	}()
 
-	address, err := GetAdvertiseAddress(config.PrivateIP)
+	address, err := getAdvertiseAddress(config.PrivateIP)
 	if err != nil {
 		return nil, err
 	}
@@ -708,7 +708,7 @@ func toTLSConfig(runtime *config.ControlRuntime) (*tls.Config, error) {
 }
 
 // getAdvertiseAddress returns the IP address best suited for advertising to clients
-func GetAdvertiseAddress(advertiseIP string) (string, error) {
+func getAdvertiseAddress(advertiseIP string) (string, error) {
 	ip := advertiseIP
 	if ip == "" {
 		ipAddr, err := utilnet.ChooseHostInterface()
@@ -809,9 +809,19 @@ func (e *ETCD) clientURL() string {
 	return fmt.Sprintf("https://%s", net.JoinHostPort(e.address, "2379"))
 }
 
+// advertiseClientURLs returns the advertised addresses for the local node.
+// During cluster reset/restore we only listen on loopback to avoid having apiservers
+// on other nodes connect mid-process.
+func (e *ETCD) advertiseClientURLs(reset bool) string {
+	if reset {
+		return fmt.Sprintf("https://%s", net.JoinHostPort(e.config.Loopback(true), "2379"))
+	}
+	return e.clientURL()
+}
+
 // listenClientURLs returns a list of URLs to bind to for client connections.
-// During cluster reset/restore, we only listen on loopback to avoid having the apiserver
-// connect mid-process.
+// During cluster reset/restore, we only listen on loopback to avoid having apiservers
+// on other nodes connect mid-process.
 func (e *ETCD) listenClientURLs(reset bool) string {
 	clientURLs := fmt.Sprintf("https://%s:2379", e.config.Loopback(true))
 	if !reset {
@@ -839,7 +849,7 @@ func (e *ETCD) cluster(ctx context.Context, reset bool, options executor.Initial
 		ListenClientURLs:    e.listenClientURLs(reset),
 		ListenMetricsURLs:   e.listenMetricsURLs(reset),
 		ListenPeerURLs:      e.listenPeerURLs(reset),
-		AdvertiseClientURLs: e.clientURL(),
+		AdvertiseClientURLs: e.advertiseClientURLs(reset),
 		DataDir:             DBDir(e.config),
 		ServerTrust: executor.ServerTrust{
 			CertFile:       e.config.Runtime.ServerETCDCert,
@@ -1142,7 +1152,7 @@ func ClientURLs(ctx context.Context, clientAccessInfo *clientaccess.Info, selfIP
 	if err := json.Unmarshal(resp, &memberList); err != nil {
 		return nil, memberList, err
 	}
-	ip, err := GetAdvertiseAddress(selfIP)
+	ip, err := getAdvertiseAddress(selfIP)
 	if err != nil {
 		return nil, memberList, err
 	}