Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot change apiserver-ips after initial minikube start #9818

Closed
dimara opened this issue Dec 1, 2020 · 9 comments · Fixed by #12692
Closed

Cannot change apiserver-ips after initial minikube start #9818

dimara opened this issue Dec 1, 2020 · 9 comments · Fixed by #12692
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@dimara
Copy link
Contributor

dimara commented Dec 1, 2020

Steps to reproduce the issue:

  1. minikube start --vm-driver=none --apiserver-ips=1.1.1.1 ...
  2. minikube stop
  3. minikube start --vm-driver=none --apiserver-ips=2.2.2.2 ...

The apiserver certificate has still the initial address in its SAN:

openssl x509 -in /var/lib/minikube/apiserver.crt -text
....
        X509v3 extensions:
            ...
            X509v3 Subject Alternative Name: 
                ... IP Address:1.1.1.1, ....

It seems the behavior changed in v1.10 with bee681559b#diff-0e864ab4025634664724909a47c34fbcae246ad52307eaaaa58153f0b256a8b4L345.

While it is possible to modify apiserver-names (that had also issues but fixed recently with #9385) I cannot change apiserver-ips.

What was the rationale behind this change? Is this by design? Is there any way to work around this regression?

Maybe related to #6024.
@medyagh
Copy link
Member

medyagh commented Dec 1, 2020
edited
Loading

@dimara thanks for creating this issue, that might be a bug that we missed in that PR ! I would accept a PR that fixes this.

btw I am curious, what are the real-world reasons that one would want to specify the api server's IPs ?

@medyagh medyagh added kind/bug Categorizes issue or PR as related to a bug. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Dec 1, 2020
@dimara
Copy link
Contributor Author

dimara commented Dec 2, 2020

@medyagh I am currently testing a patch and will submit a PR ASAP. Regarding the real-world reasons for such a feature, we (Arrikto) already use it in MiniKF to access K8s remotely via its public IP over HTTPS. Since the IP is ephemeral and might change we need to be able to update the certs accordingly.

dimara added a commit to arrikto/minikube that referenced this issue Dec 2, 2020
@dimara
Support changing apiserver-ips along with apiserver-names
796772b 
After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Closes kubernetes#9818.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>
dimara added a commit to arrikto/minikube that referenced this issue Dec 2, 2020
@dimara
Support changing apiserver-ips along with apiserver-names
05b917b 
After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Closes kubernetes#9818.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>
@dimara dimara mentioned this issue Dec 7, 2020
Closed
@priyawadhwa
Copy link

This work is in progress in #9876, thank you for working on this @dimara

@spowelljr
Copy link
Member

Just waiting for a CLA to be signed so this bug can be fixed.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 19, 2021
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jun 18, 2021
@andriyDev
Copy link
Contributor

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jun 23, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 21, 2021
dimara added a commit to arrikto/minikube that referenced this issue Oct 11, 2021
@dimara
Support changing apiserver-ips along with apiserver-names
c8dd187 
After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Closes kubernetes#9818.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>
dimara added a commit to arrikto/minikube that referenced this issue Oct 11, 2021
@dimara
Support changing apiserver-ips along with apiserver-names (kubernetes…
81e4fc0 
…#9818)

After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>
dimara added a commit to arrikto/minikube that referenced this issue Oct 11, 2021
@dimara
Support changing apiserver-ips along with apiserver-names
885b2d2 
After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Fixes kubernetes#9818
dimara added a commit to arrikto/minikube that referenced this issue Oct 11, 2021
@dimara
Support changing apiserver-ips when restarting minikube
4535640 
After commit bee6815, we could not change the apiserver-ips after
initial `minikube start`. Revert to previous behavior where both
apiserver-ips and apiserver-names were taken always into account
and certs were updated accordingly.

Fixes kubernetes#9818
@dimara dimara mentioned this issue Oct 11, 2021
Merged
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 21, 2021
@spowelljr spowelljr added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Nov 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
8 participants
@dimara @medyagh @priyawadhwa @k8s-ci-robot @andriyDev @fejta-bot @spowelljr @k8s-triage-robot