diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go index 217fcd4b5be3..b15a1d5eee2c 100644 --- a/cmd/minikube/cmd/start.go +++ b/cmd/minikube/cmd/start.go @@ -1079,6 +1079,10 @@ func validateFlags(cmd *cobra.Command, drvName string) { validateChangedMemoryFlags(drvName) } + if cmd.Flags().Changed(listenAddress) { + validateListenAddress(viper.GetString(listenAddress)) + } + if cmd.Flags().Changed(containerRuntime) { runtime := strings.ToLower(viper.GetString(containerRuntime)) @@ -1199,6 +1203,14 @@ func validateRegistryMirror() { } } +// This function validates if the --listen-address +// match the format 0.0.0.0 +func validateListenAddress(listenAddr string) { + if len(listenAddr) > 0 && net.ParseIP(listenAddr) == nil { + exit.Message(reason.Usage, "Sorry, the IP provided with the --listen-address flag is invalid: {{.listenAddr}}.", out.V{"listenAddr": listenAddr}) + } +} + // This function validates that the --insecure-registry follows one of the following formats: // "[:]" "[:]" "/" func validateInsecureRegistry() { diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go index 3f0bca586eea..1a960b1b34ed 100644 --- a/cmd/minikube/cmd/start_flags.go +++ b/cmd/minikube/cmd/start_flags.go @@ -116,6 +116,7 @@ const ( sshSSHPort = "ssh-port" defaultSSHUser = "root" defaultSSHPort = 22 + listenAddress = "listen-address" ) var ( @@ -215,6 +216,7 @@ func initDriverFlags() { startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)") // docker & podman + startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker and podman driver only)") startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)") } 
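Review bot: The new check in validateFlags runs only when `cmd.Flags().Changed(listenAddress)` is true, while generateClusterConfig in start_flags.go reads `viper.GetString(listenAddress)` unconditionally. If viper also resolves this key from a config file or an environment variable (not visible in this diff), a value supplied that way would reach the driver without ever passing `net.ParseIP`. Because validateListenAddress already accepts the empty string, the guard can be dropped and the call made unconditionally: `validateListenAddress(viper.GetString(listenAddress))`. validateFlags starts and ends outside the hunk.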
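Review bot: validateListenAddress accepts anything `net.ParseIP` can parse, which includes IPv6 literals, although its comment describes the `0.0.0.0` format and the value later replaces `oci.DefaultBindIPV4` in the kic driver. If port publishing only supports IPv4 (not visible here), the other forms are better rejected up front, e.g. `if ip := net.ParseIP(listenAddr); listenAddr != "" && (ip == nil || ip.To4() == nil) {`. The doc comment would also read better in Go style, starting with the function name: `// validateListenAddress exits with a usage error unless listenAddr is empty or a valid IP address.`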
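Review bot: The help string registered for `listenAddress` in initDriverFlags does not say what an empty value means or what a non-loopback value does. The kic driver starts from `oci.DefaultBindIPV4` when the field is empty and warns at runtime that other addresses open non-local traffic, so the flag text should carry the same caveat where users read it first. One possible wording is `"IP Address to use to expose ports (docker and podman driver only); empty uses the driver default, other addresses can expose the cluster's ports to the network"`. The entry in site/content/en/docs/commands/start.md would need the same text.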
@@ -322,6 +324,7 @@ func generateClusterConfig(cmd *cobra.Command, existing *config.ClusterConfig, k CPUs: viper.GetInt(cpus), DiskSize: diskSize, Driver: drvName, + ListenAddress: viper.GetString(listenAddress), HyperkitVpnKitSock: viper.GetString(vpnkitSock), HyperkitVSockPorts: viper.GetStringSlice(vsockPorts), NFSShare: viper.GetStringSlice(nfsShare), diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go index 5fd6637a7bed..17a3b0eacd51 100644 --- a/pkg/drivers/kic/kic.go +++ b/pkg/drivers/kic/kic.go @@ -42,6 +42,7 @@ import ( "k8s.io/minikube/pkg/minikube/download" "k8s.io/minikube/pkg/minikube/driver" "k8s.io/minikube/pkg/minikube/out" + "k8s.io/minikube/pkg/minikube/style" "k8s.io/minikube/pkg/minikube/sysinit" "k8s.io/minikube/pkg/util/retry" ) @@ -102,8 +103,14 @@ func (d *Driver) Create() error { params.IP = ip.String() } drv := d.DriverName() + listAddr := oci.DefaultBindIPV4 - if oci.IsExternalDaemonHost(drv) { + if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr { + out.Step(style.Tip, "minikube is not meant for production use. You are opening non-local traffic") + out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk", + out.V{"listenAddr": d.NodeConfig.ListenAddress}) + listAddr = d.NodeConfig.ListenAddress + } else if oci.IsExternalDaemonHost(drv) { out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised", out.V{"host": oci.DaemonHost(drv)}) listAddr = "0.0.0.0" diff --git a/pkg/drivers/kic/types.go b/pkg/drivers/kic/types.go index 724b601d155e..9458f3ebd80f 100644 --- a/pkg/drivers/kic/types.go +++ b/pkg/drivers/kic/types.go 
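Review bot: In Create() the condition `d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr` treats an explicit `--listen-address` equal to `oci.DefaultBindIPV4` as if the flag were unset. On an external daemon host the `else if` branch then rebinds to `0.0.0.0`, even though the user asked for the default address. The same comparison makes the "opening non-local traffic" warning fire for every non-default value, including other loopback addresses. Branching on `if d.NodeConfig.ListenAddress != "" {` and, after assigning listAddr, wrapping the two warning calls in `if ip := net.ParseIP(listAddr); ip == nil || !ip.IsLoopback() {` would honour the explicit choice and keep the warning accurate; kic.go needs `net` imported if it is not already. Create() starts and ends outside the hunk.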
@@ -62,4 +62,5 @@ type Config struct { ContainerRuntime string // container runtime kic is running Network string // network to run with kic ExtraArgs []string // a list of any extra option to pass to oci binary during creation time, for example --expose 8080... + ListenAddress string // IP Address to listen to } diff --git a/pkg/minikube/config/types.go b/pkg/minikube/config/types.go index fe533bf0a7e9..c1017aca9fe4 100644 --- a/pkg/minikube/config/types.go +++ b/pkg/minikube/config/types.go @@ -77,6 +77,7 @@ type ClusterConfig struct { StartHostTimeout time.Duration ScheduledStop *ScheduledStopConfig ExposedPorts []string // Only used by the docker and podman driver + ListenAddress string // Only used by the docker and podman driver Network string // only used by docker driver MultiNodeRequested bool } diff --git a/pkg/minikube/registry/drvs/docker/docker.go b/pkg/minikube/registry/drvs/docker/docker.go index d29904a9b813..fce146e48a34 100644 --- a/pkg/minikube/registry/drvs/docker/docker.go +++ b/pkg/minikube/registry/drvs/docker/docker.go @@ -83,6 +83,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) { ContainerRuntime: cc.KubernetesConfig.ContainerRuntime, ExtraArgs: extraArgs, Network: cc.Network, + ListenAddress: cc.ListenAddress, }), nil } diff --git a/pkg/minikube/registry/drvs/podman/podman.go b/pkg/minikube/registry/drvs/podman/podman.go index ef74aac63b74..413ba05070f9 100644 --- a/pkg/minikube/registry/drvs/podman/podman.go +++ b/pkg/minikube/registry/drvs/podman/podman.go @@ -89,6 +89,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) { KubernetesVersion: cc.KubernetesConfig.KubernetesVersion, ContainerRuntime: cc.KubernetesConfig.ContainerRuntime, ExtraArgs: extraArgs, + ListenAddress: cc.ListenAddress, }), nil } diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index 9c6cd5a7e7a9..95641a525a89 100644 --- a/site/content/en/docs/commands/start.md 
+++ b/site/content/en/docs/commands/start.md @@ -71,6 +71,7 @@ minikube start [flags] --kvm-hidden Hide the hypervisor signature from the guest in minikube (kvm2 driver only) --kvm-network string The KVM network name. (kvm2 driver only) (default "default") --kvm-qemu-uri string The KVM QEMU connection URI. (kvm2 driver only) (default "qemu:///system") + --listen-address string IP Address to use to expose ports (docker and podman driver only) --memory string Amount of RAM to allocate to Kubernetes (format: [], where unit = b, k, m or g). --mount This will start the mount daemon and automatically mount files into minikube. --mount-string string The argument to pass the minikube mount command on start.