Kubeconfig: Use user provided ingress https port for token dialer
The current implementation has an issue if the user provides a non-default https
port: during token creation the request goes from the API server to the auth
service, which uses the default https port, and this results in the following
error for user mode networking (there is no support for customizing the
http/https route for system mode networking):
```
INFO Adding crc-admin and crc-developer contexts to kubeconfig...
ERRO Cannot update kubeconfig: Head "https://oauth-openshift.apps-crc.testing": dial tcp 127.0.0.1:443: connect: connection refused
```

With this PR we are passing that https port info to `addContext`
function and use it for dialer where we update the port in case request
have `oauth-openshift` as part of address which resolve this issue.
```
$ ./crc config view
- consent-telemetry                     : no
- enable-bundle-quay-fallback           : true
- ingress-http-port                     : 9080
- ingress-https-port                    : 9443

$ ./crc start --log-level debug
[...]
level=info msg="Adding crc-admin and crc-developer contexts to kubeconfig..."
level=debug msg="Using address: api.crc.testing:6443"
level=debug msg="Dialing to 127.0.0.1:6443"
level=debug msg="Using address: oauth-openshift.apps-crc.testing:443"
level=debug msg="Dialing to 127.0.0.1:9443"
level=debug msg="Using address: oauth-openshift.apps-crc.testing:443"
level=debug msg="Dialing to 127.0.0.1:9443"
level=debug msg="Using address: api.crc.testing:6443"
level=debug msg="Dialing to 127.0.0.1:6443"
level=debug msg="Using address: oauth-openshift.apps-crc.testing:443"
level=debug msg="Dialing to 127.0.0.1:9443"
level=debug msg="Using address: oauth-openshift.apps-crc.testing:443"
level=debug msg="Dialing to 127.0.0.1:9443"
[...]
```
praveenkumar committed Oct 13, 2023
1 parent bfb6c66 commit 2484015
Showing 2 changed files with 16 additions and 6 deletions.
20 changes: 15 additions & 5 deletions pkg/crc/machine/kubeconfig.go
@@ -10,10 +10,12 @@ import (
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
"time"

"github.com/crc-org/crc/v2/pkg/crc/constants"
"github.com/crc-org/crc/v2/pkg/crc/logging"
"github.com/crc-org/crc/v2/pkg/crc/machine/types"
"github.com/openshift/oc/pkg/helpers/tokencmd"
"k8s.io/apimachinery/third_party/forked/golang/netutil"
@@ -46,7 +48,7 @@ func updateClientCrtAndKeyToKubeconfig(clientKey, clientCrt []byte, srcKubeconfi
return clientcmd.WriteToFile(*cfg, destKubeconfigPath)
}

func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig, ingressHTTPSPort uint) error {
kubeconfig, cfg, err := getGlobalKubeConfig()
if err != nil {
return err
@@ -65,10 +67,10 @@ func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
CertificateAuthorityData: ca,
}

if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass); err != nil {
if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass, ingressHTTPSPort); err != nil {
return err
}
if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer"); err != nil {
if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer", ingressHTTPSPort); err != nil {
return err
}

@@ -126,7 +128,7 @@ func hostname(clusterAPI string) (string, error) {
return strings.ReplaceAll(h, ".", "-"), nil
}

func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string) error {
func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string, ingressHTTPSPort uint) error {
host, err := hostname(clusterConfig.ClusterAPI)
if err != nil {
return err
@@ -145,11 +147,19 @@ func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig,
MinVersion: tls.VersionTLS12,
},
DialContext: func(ctx gocontext.Context, network, address string) (net.Conn, error) {
port := strings.SplitN(address, ":", 2)[1]
logging.Debugf("Using address: %s", address)
hostname, port, err := net.SplitHostPort(address)
if err != nil {
return nil, err
}
if strings.HasSuffix(hostname, constants.AppsDomain) {
port = strconv.Itoa(int(ingressHTTPSPort))
}
dialer := net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}
logging.Debugf("Dialing to %s:%s", ip, port)
return dialer.Dial(network, fmt.Sprintf("%s:%s", ip, port))
},
},
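Review bot: In the `DialContext` closure the port override fires for every host ending in `constants.AppsDomain`, whatever port the caller asked for, while the commit message scopes the change to the `oauth-openshift` token request on the default HTTPS port. Because this dialer already sends every connection to `ip`, the override alone decides which local port receives the token request, so the condition should be as narrow as the intent, for example `if port == "443" && strings.HasSuffix(hostname, constants.AppsDomain) {`. A zero `ingressHTTPSPort` should probably leave the port untouched rather than become port `0`; whether it can be zero is not visible in this hunk. The new local `hostname` also shadows the file's `hostname()` helper named in the earlier hunk header, so a name such as `reqHost` would read better, and `net.JoinHostPort(ip, port)` in place of the `"%s:%s"` formatting would keep the log line and dial target valid if `ip` is ever an IPv6 literal. `addContext` continues past the end of the hunk.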
2 changes: 1 addition & 1 deletion pkg/crc/machine/start.go
@@ -683,7 +683,7 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
}

logging.Info("Adding crc-admin and crc-developer contexts to kubeconfig...")
if err := writeKubeconfig(instanceIP, clusterConfig); err != nil {
if err := writeKubeconfig(instanceIP, clusterConfig, startConfig.IngressHTTPSPort); err != nil {
logging.Errorf("Cannot update kubeconfig: %v", err)
}

