From 2484015d8898a0d31313cb4bd558c0d76753cf95 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 9 Oct 2023 21:22:16 +0530 Subject: [PATCH] Kubeconfig: Use user provided ingress https port for token dialer Current implementation have issue if user provided non default https port because during token creation request goes from api server to auth service which uses default https port and resulted following error for user mode networking (there is no support for customize http/https route for system mode networking) ``` INFO Adding crc-admin and crc-developer contexts to kubeconfig... ERRO Cannot update kubeconfig: Head "https://oauth-openshift.apps-crc.testing": dial tcp 127.0.0.1:443: connect: connection refused ``` With this PR we are passing that https port info to `addContext` function and use it for dialer where we update the port in case request have `oauth-openshift` as part of address which resolve this issue. ``` $ ./crc config view - consent-telemetry : no - enable-bundle-quay-fallback : true - ingress-http-port : 9080 - ingress-https-port : 9443 $ ./crc start --log-level debug [...] level=info msg="Adding crc-admin and crc-developer contexts to kubeconfig..." level=debug msg="Using address: api.crc.testing:6443" level=debug msg="Dialing to 127.0.0.1:6443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: api.crc.testing:6443" level=debug msg="Dialing to 127.0.0.1:6443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" level=debug msg="Using address: oauth-openshift.apps-crc.testing:443" level=debug msg="Dialing to 127.0.0.1:9443" [...] ``` --- pkg/crc/machine/kubeconfig.go | 20 +++++++++++++++----- pkg/crc/machine/start.go | 2 +- 2 files changed, 16 insertions(+), 6 deletions(-) 
diff --git a/pkg/crc/machine/kubeconfig.go b/pkg/crc/machine/kubeconfig.go
index 94d9c0d91a..0a0cafc773 100644
--- a/pkg/crc/machine/kubeconfig.go
+++ b/pkg/crc/machine/kubeconfig.go
@@ -10,10 +10,12 @@ import (
 "net/url"
 "os"
 "path/filepath"
+ "strconv"
 "strings"
 "time"
 "github.com/crc-org/crc/v2/pkg/crc/constants"
+ "github.com/crc-org/crc/v2/pkg/crc/logging"
 "github.com/crc-org/crc/v2/pkg/crc/machine/types"
 "github.com/openshift/oc/pkg/helpers/tokencmd"
 "k8s.io/apimachinery/third_party/forked/golang/netutil"
@@ -46,7 +48,7 @@ func updateClientCrtAndKeyToKubeconfig(clientKey, clientCrt []byte, srcKubeconfi
 return clientcmd.WriteToFile(*cfg, destKubeconfigPath)
 }
-func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
+func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig, ingressHTTPSPort uint) error {
 kubeconfig, cfg, err := getGlobalKubeConfig()
 if err != nil {
 return err
@@ -65,10 +67,10 @@ func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig) error {
 CertificateAuthorityData: ca,
 }
- if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass); err != nil {
+ if err := addContext(cfg, ip, clusterConfig, ca, adminContext, "kubeadmin", clusterConfig.KubeAdminPass, ingressHTTPSPort); err != nil {
 return err
 }
- if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer"); err != nil {
+ if err := addContext(cfg, ip, clusterConfig, ca, developerContext, "developer", "developer", ingressHTTPSPort); err != nil {
 return err
 }
@@ -126,7 +128,7 @@ func hostname(clusterAPI string) (string, error) {
 return strings.ReplaceAll(h, ".", "-"), nil
 }
-func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string) error {
+func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig, ca []byte, context, username, password string, ingressHTTPSPort uint) error {
 host, err := hostname(clusterConfig.ClusterAPI)
 if err != nil {
 return err
@@ -145,11 +147,19 @@ func addContext(cfg *api.Config, ip string, clusterConfig *types.ClusterConfig,
 MinVersion: tls.VersionTLS12,
 },
 DialContext: func(ctx gocontext.Context, network, address string) (net.Conn, error) {
- port := strings.SplitN(address, ":", 2)[1]
+ logging.Debugf("Using address: %s", address)
+ hostname, port, err := net.SplitHostPort(address)
+ if err != nil {
+ return nil, err
+ }
+ if strings.HasSuffix(hostname, constants.AppsDomain) {
+ port = strconv.Itoa(int(ingressHTTPSPort))
+ }
 dialer := net.Dialer{
 Timeout: 30 * time.Second,
 KeepAlive: 30 * time.Second,
 }
+ logging.Debugf("Dialing to %s:%s", ip, port)
 return dialer.Dial(network, fmt.Sprintf("%s:%s", ip, port))
 },
 },
diff --git a/pkg/crc/machine/start.go b/pkg/crc/machine/start.go
index a4513cc77b..967f0b2512 100644
--- a/pkg/crc/machine/start.go
+++ b/pkg/crc/machine/start.go
@@ -683,7 +683,7 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 }
 logging.Info("Adding crc-admin and crc-developer contexts to kubeconfig...")
- if err := writeKubeconfig(instanceIP, clusterConfig); err != nil {
+ if err := writeKubeconfig(instanceIP, clusterConfig, startConfig.IngressHTTPSPort); err != nil {
 logging.Errorf("Cannot update kubeconfig: %v", err)
 }
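Review bot: The port override in the new `DialContext` body uses `ingressHTTPSPort` without checking it, so if a caller leaves it at the zero value the port becomes `"0"` and every dial to a host under `constants.AppsDomain` fails. Guarding the branch as `if ingressHTTPSPort != 0 && strings.HasSuffix(hostname, constants.AppsDomain) {` keeps the port parsed from the address in that case. The suffix test also rewrites the port for every host under the apps domain, while the description names only `oauth-openshift`; if the wider match is intended, a comment saying so would help the next reader. The local `hostname` shadows the package function `hostname(clusterAPI string)` visible in the hunk above, so a name such as `dialHost` is safer. addContext begins and ends outside this hunk.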
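Review bot: `startConfig.IngressHTTPSPort` is handed to `writeKubeconfig` whatever the network mode, although the description says custom ingress ports exist only for user-mode networking. If the setting can hold a non-default value while system-mode networking is active (not visible from this hunk), the token dialer would target a port the cluster is not serving, and the failure would surface only as the logged `Cannot update kubeconfig` error. Either pass the value only in user mode, or add a comment such as `// IngressHTTPSPort is validated to be the default outside user-mode networking` once that is confirmed. Start's body continues outside the hunk.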