CPLB virtual address fall back for kube API URL #772
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kke
force-pushed
the
validate-connection-vrrp-ip
branch
from
2f8ea92
to
b29d590
Compare
kke
changed the title
kke
commented
Oct 18, 2024
phase/configure_k0s.go
Outdated
| @@ -309,6 +309,10 @@ func (p *ConfigureK0s) configFor(h *cluster.Host) (string, error) { | |||
| cfg.DigMapping("spec", "api")["address"] = addr | |||
| addUnlessExist(&sans, addr) | |||
|
|
|||
| if externalAddr := cfg.DigString("spec", "api", "externalAddress"); externalAddr != "" { | |||
| addUnlessExist(&sans, externalAddr) | |||
There was a problem hiding this comment.
Should externalAddr be in sans?
There was a problem hiding this comment.
No, it's added automatically. the component endpoint-reconciler should be disabled though. Everything else seems fine
There was a problem hiding this comment.
I don't think ctl needs to worry about those. Maybe all the other sans manipulation is pointless too if k0s does it on its own?
There was a problem hiding this comment.
// Sans return the given SANS plus all local addresses and externalAddress if given
func (a *APISpec) Sans() []string {
sans, _ := iface.AllAddresses()
sans = append(sans, a.Address)
sans = append(sans, a.SANs...)
if a.ExternalAddress != "" {
sans = append(sans, a.ExternalAddress)
}
return stringslice.Unique(sans)
}k0s does all this, I don't think ctl needs to manipulate sans at all.
There was a problem hiding this comment.
ctl added the FQDNs to the SANs (see https://github.com/k0sproject/k0s/issues/5168).
Signed-off-by: Kimmo Lehto <[email protected]>
Signed-off-by: Kimmo Lehto <[email protected]>
Signed-off-by: Kimmo Lehto <[email protected]>
Signed-off-by: Kimmo Lehto <[email protected]>
kke
force-pushed
the
validate-connection-vrrp-ip
branch
from
65f0c0c
to
fd0ba50
Compare
kke
added a commit
that referenced
this pull request
Nov 4, 2024
Signed-off-by: Kimmo Lehto <[email protected]>
kke
added a commit
that referenced
this pull request
Nov 4, 2024
Signed-off-by: Kimmo Lehto <[email protected]>
kke
added a commit
that referenced
this pull request
Nov 7, 2024
Signed-off-by: Kimmo Lehto <[email protected]>
kke
added a commit
that referenced
this pull request
Nov 7, 2024
Signed-off-by: Kimmo Lehto <[email protected]>
kke
added a commit
that referenced
this pull request
Nov 8, 2024
* Restore sans manipulation that was removed in #772 Signed-off-by: Kimmo Lehto <[email protected]> * Make sans global Signed-off-by: Kimmo Lehto <[email protected]> --------- Signed-off-by: Kimmo Lehto <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes k0sproject/k0s#771
Fixes k0sproject/k0s#773
If the k0s config specifies control plane load balancing with keepalived and lists virtual addresses, use the first of those when generating an external URL for the cluster's kube API.
Before:
After:
This external address is used when modifying the admin kubeconfig received from a leader and when validating worker connectivity to the kube api.
Cluster interal kube API URL is generated from the effective leader's private address or the public one if one is not defined.
When validating the kube API to come up on a node, the new k0s
spec.api.onlyBindToAddressoption is now considered, so instead ofhttps://localhostit will use the configured address when the setting is enabled as the node local api address.