Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use default address family when adding kubernetes service address to SAN list #6857

Merged
merged 1 commit into from
Feb 9, 2023
Merged

Use default address family when adding kubernetes service address to SAN list #6857

merged 1 commit into from
Feb 9, 2023

Conversation

brandond
Copy link
Member

@brandond brandond commented Jan 30, 2023
edited
Loading

Proposed Changes

Use default address family when adding kubernetes service address to SAN list

We were using the legacy ServiceCIDR, which is always IPv4 if one is configured. We should instead use the first CIDR, which determines the cluster's default address family.

For the same reason, don't prefer advertising the IPv4 node addresses if both IPv4 and IPv6 addresses are given, just use whatever's given first.

Types of Changes

Verification

  • See linked issue
  • On a dual-stack cluster with IPv6 preferred (given first in the CIDR list), check for the cluster service address in the apiserver cert: openssl x509 -noout -text /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt

Testing

Linked Issues

User-Facing Change

The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.

Further Comments

@brandond brandond requested a review from a team as a code owner January 30, 2023 22:41
@brandond brandond merged commit 32d62c5 into k3s-io:master Feb 9, 2023
@cguertin14 cguertin14 mentioned this pull request Mar 16, 2023
Merged
@brandond brandond deleted the apiserver-ip-san branch June 6, 2024 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dereknola dereknola dereknola approved these changes

@briandowns briandowns briandowns approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@brandond @briandowns @dereknola