Kubeconfig: Use user provided ingress https port for token dialer

Current implementation have issue if user provided non default https port because during token creation request goes from api server to auth service which uses default https port and resulted following error for user mode networking (there is no support for customize http/https route for system mode networking) ``` INFO Adding crc-admin and crc-developer contexts to kubeconfig... ERRO Cannot update kubeconfig: Head "https://oauth-openshift.apps-crc.testing": dial tcp 127.0.0.1:443: connect: connection refused ``` With this PR we are passing that https port info to `addContext` function and use it for dialer where we update the port in case request have `oauth-openshift` as part of address which resolve this issue. ``` $ ./crc config view - consent-telemetry : no - enable-bundle-quay-fallback : true - ingress-http-port : 9080 - ingress-https-port : 9443 $ ./crc start --log-level debug [...] level=info msg="Adding crc-admin and crc-developer contexts to kubeconfig..." level=debug msg="Using address: api.crc.testing:6443" level=debug msg="Dialing to 127.0.0.1:6443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: api.crc.testing:6443" level=debug msg="Dialing to 127.0.0.1:6443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" [...] ```
crc-org · Oct 13, 2023 · 2484015 · 2484015
1 parent bfb6c66
commit 2484015
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/pkg/crc/machine/kubeconfig.go b/pkg/crc/machine/kubeconfig.go
@@ -10,10 +10,12 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"time"
 
 	"github.com/crc-org/crc/v2/pkg/crc/constants"
+	"github.com/crc-org/crc/v2/pkg/crc/logging"
 	"github.com/crc-org/crc/v2/pkg/crc/machine/types"
 	"github.com/openshift/oc/pkg/helpers/tokencmd"
 	"k8s.io/apimachinery/third_party/forked/golang/netutil"
@@ -46,7 +48,7 @@ func updateClientCrtAndKeyToKubeconfig(clientKey, clientCrt []byte, srcKubeconfi
 	return clientcmd.WriteToFile(*cfg, destKubeconfigPath)
 }
 
-func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
+func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig, ingressHTTPSPort uint) error {
 	kubeconfig, cfg, err := getGlobalKubeConfig()
 	if err != nil {
 		return err
@@ -65,10 +67,10 @@ func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
 		CertificateAuthorityData: ca,
 	}
 
-	if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass); err != nil {
+	if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass, ingressHTTPSPort); err != nil {
 		return err
 	}
-	if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer"); err != nil {
+	if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer", ingressHTTPSPort); err != nil {
 		return err
 	}
 
@@ -126,7 +128,7 @@ func hostname(clusterAPI string) (string, error) {
 	return strings.ReplaceAll(h, ".", "-"), nil
 }
 
-func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string) error {
+func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string, ingressHTTPSPort uint) error {
 	host, err := hostname(clusterConfig.ClusterAPI)
 	if err != nil {
 		return err
@@ -145,11 +147,19 @@ func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig,
 				MinVersion: tls.VersionTLS12,
 			},
 			DialContext: func(ctx gocontext.Context, network, address string) (net.Conn, error) {
-				port := strings.SplitN(address, ":", 2)[1]
+				logging.Debugf("Using address: %s", address)
+				hostname, port, err := net.SplitHostPort(address)
+				if err != nil {
+					return nil, err
+				}
+				if strings.HasSuffix(hostname, constants.AppsDomain) {
+					port = strconv.Itoa(int(ingressHTTPSPort))
+				}
 				dialer := net.Dialer{
 					Timeout:   30 * time.Second,
 					KeepAlive: 30 * time.Second,
 				}
+				logging.Debugf("Dialing to %s:%s", ip, port)
 				return dialer.Dial(network, fmt.Sprintf("%s:%s", ip, port))
 			},
 		},

diff --git a/pkg/crc/machine/start.go b/pkg/crc/machine/start.go
@@ -683,7 +683,7 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 	}
 
 	logging.Info("Adding crc-admin and crc-developer contexts to kubeconfig...")
-	if err := writeKubeconfig(instanceIP, clusterConfig); err != nil {
+	if err := writeKubeconfig(instanceIP, clusterConfig, startConfig.IngressHTTPSPort); err != nil {
 		logging.Errorf("Cannot update kubeconfig: %v", err)
 	}