From cb116e4c1cf7314278362559ad75aab3f8b1893f Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Sun, 28 Feb 2021 23:01:35 +0100
Subject: [PATCH 01/11] Add --listen-address for docker driver
---
 cmd/minikube/cmd/start_flags.go | 3 +++
 pkg/drivers/kic/kic.go | 7 ++++++-
 pkg/drivers/kic/types.go | 1 +
 pkg/minikube/config/types.go | 1 +
 pkg/minikube/registry/drvs/docker/docker.go | 1 +
 5 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
index 3f0bca586eea..be0bf970d5ff 100644
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@@ -116,6 +116,7 @@ const (
 sshSSHPort = "ssh-port"
 defaultSSHUser = "root"
 defaultSSHPort = 22
+ listenAddress = "listen-address"
 )
 var (
@@ -215,6 +216,7 @@ func initDriverFlags() {
 startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)")
 // docker & podman
+ startCmd.Flags().String(listenAddress, "", fmt.Sprintf("IP Address to use to expose ports (docker driver only)"))
 startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)")
 }
@@ -322,6 +324,7 @@ func generateClusterConfig(cmd *cobra.Command, existing *config.ClusterConfig, k
 CPUs: viper.GetInt(cpus),
 DiskSize: diskSize,
 Driver: drvName,
+ ListenAddress: viper.GetString(listenAddress),
 HyperkitVpnKitSock: viper.GetString(vpnkitSock),
 HyperkitVSockPorts: viper.GetStringSlice(vsockPorts),
 NFSShare: viper.GetStringSlice(nfsShare),
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index 5fd6637a7bed..b47cf7140428 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -102,8 +102,13 @@ func (d *Driver) Create() error {
 params.IP = ip.String()
 }
 drv := d.DriverName()
+
 listAddr := oci.DefaultBindIPV4
- if oci.IsExternalDaemonHost(drv) {
+ if d.NodeConfig.ListenAddress != "" {
+ out.WarningT("Listening to {{.listenAddr}}. Please be advised",
+ out.V{"listenAddr": d.NodeConfig.ListenAddress})
+ listAddr = d.NodeConfig.ListenAddress
+ } else if oci.IsExternalDaemonHost(drv) {
 out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
 out.V{"host": oci.DaemonHost(drv)})
 listAddr = "0.0.0.0"
diff --git a/pkg/drivers/kic/types.go b/pkg/drivers/kic/types.go
index 724b601d155e..9458f3ebd80f 100644
--- a/pkg/drivers/kic/types.go
+++ b/pkg/drivers/kic/types.go
@@ -62,4 +62,5 @@ type Config struct {
 ContainerRuntime string // container runtime kic is running
 Network string // network to run with kic
 ExtraArgs []string // a list of any extra option to pass to oci binary during creation time, for example --expose 8080...
+ ListenAddress string // IP Address to listen to
 }
diff --git a/pkg/minikube/config/types.go b/pkg/minikube/config/types.go
index fe533bf0a7e9..7da97869eed4 100644
--- a/pkg/minikube/config/types.go
+++ b/pkg/minikube/config/types.go
@@ -78,6 +78,7 @@ type ClusterConfig struct {
 ScheduledStop *ScheduledStopConfig
 ExposedPorts []string // Only used by the docker and podman driver
 Network string // only used by docker driver
+ ListenAddress string // Only used by docker driver
 MultiNodeRequested bool
 }
diff --git a/pkg/minikube/registry/drvs/docker/docker.go b/pkg/minikube/registry/drvs/docker/docker.go
index d29904a9b813..fce146e48a34 100644
--- a/pkg/minikube/registry/drvs/docker/docker.go
+++ b/pkg/minikube/registry/drvs/docker/docker.go
@@ -83,6 +83,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) {
 ContainerRuntime: cc.KubernetesConfig.ContainerRuntime,
 ExtraArgs: extraArgs,
 Network: cc.Network,
+ ListenAddress: cc.ListenAddress,
 }), nil
 }
From 98633b7e55ff54c89b775c4d9f279393b204d45d Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Sun, 28 Feb 2021 23:30:26 +0100
Subject: [PATCH 02/11] Remove unnecessary fmt.Sprintf usage
---
 cmd/minikube/cmd/start_flags.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
index be0bf970d5ff..0fd9406a99b3 100644
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@@ -216,7 +216,7 @@ func initDriverFlags() {
 startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)")
 // docker & podman
- startCmd.Flags().String(listenAddress, "", fmt.Sprintf("IP Address to use to expose ports (docker driver only)"))
+ startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker driver only)")
 startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)")
 }
From 6604c9254a6a5eb3e4ffad4b8f04dd46436a490d Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Mon, 1 Mar 2021 16:51:15 +0100
Subject: [PATCH 03/11] Generate docs to add --listen-address
---
 site/content/en/docs/commands/start.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md
index 9c6cd5a7e7a9..7f4bf63becca 100644
--- a/site/content/en/docs/commands/start.md
+++ b/site/content/en/docs/commands/start.md
@@ -71,6 +71,7 @@ minikube start [flags]
 --kvm-hidden Hide the hypervisor signature from the guest in minikube (kvm2 driver only)
 --kvm-network string The KVM network name. (kvm2 driver only) (default "default")
 --kvm-qemu-uri string The KVM QEMU connection URI. (kvm2 driver only) (default "qemu:///system")
+ --listen-address string IP Address to use to expose ports (docker driver only)
 --memory string Amount of RAM to allocate to Kubernetes (format: [], where unit = b, k, m or g).
 --mount This will start the mount daemon and automatically mount files into minikube.
 --mount-string string The argument to pass the minikube mount command on start.
From ca81de183f8af285c61838c2eb1eda734225768b Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Mon, 1 Mar 2021 21:08:59 +0100
Subject: [PATCH 04/11] Add --listen-address validation
---
 cmd/minikube/cmd/start.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go
index 217fcd4b5be3..b15a1d5eee2c 100644
--- a/cmd/minikube/cmd/start.go
+++ b/cmd/minikube/cmd/start.go
@@ -1079,6 +1079,10 @@ func validateFlags(cmd *cobra.Command, drvName string) {
 validateChangedMemoryFlags(drvName)
 }
+ if cmd.Flags().Changed(listenAddress) {
+ validateListenAddress(viper.GetString(listenAddress))
+ }
+
 if cmd.Flags().Changed(containerRuntime) {
 runtime := strings.ToLower(viper.GetString(containerRuntime))
@@ -1199,6 +1203,14 @@ func validateRegistryMirror() {
 }
 }
+// This function validates if the --listen-address
+// match the format 0.0.0.0
+func validateListenAddress(listenAddr string) {
+ if len(listenAddr) > 0 && net.ParseIP(listenAddr) == nil {
+ exit.Message(reason.Usage, "Sorry, the IP provided with the --listen-address flag is invalid: {{.listenAddr}}.", out.V{"listenAddr": listenAddr})
+ }
+}
+
 // This function validates that the --insecure-registry follows one of the following formats:
 // "[:]" "[:]" "/"
 func validateInsecureRegistry() {
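Review bot: The call added to validateFlags in PATCH 04/11 runs validateListenAddress only when `cmd.Flags().Changed(listenAddress)` is true, while the value that reaches the cluster config is read with `viper.GetString(listenAddress)` (generateClusterConfig, PATCH 01/11), so an address arriving through any other viper source would skip the check; whether such sources are configured is not visible in this series. The validator already tolerates an empty string, so the gate can be dropped and the call made unconditionally as `validateListenAddress(viper.GetString(listenAddress))`. `net.ParseIP` also accepts IPv6 literals, whereas the comment promises the `0.0.0.0` format and the driver default is `oci.DefaultBindIPV4`; if only IPv4 is supported downstream, reject values where `ip.To4() == nil` as well. The doc comment should open with the function name, for example `// validateListenAddress exits with a usage error unless listenAddr is empty or a valid IP address.`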
From 21636a5466bcbbc89dcfe72ebd6f58a049d27fa6 Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Mon, 1 Mar 2021 21:52:42 +0100
Subject: [PATCH 05/11] Move docker only flag to its own area
Confusing to keep it under "docker & podman" when it's only for docker.
---
 cmd/minikube/cmd/start_flags.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
index 0fd9406a99b3..b307932d3a03 100644
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@@ -215,8 +215,10 @@ func initDriverFlags() {
 startCmd.Flags().Bool(hypervUseExternalSwitch, false, "Whether to use external switch over Default Switch if virtual switch not explicitly specified. (hyperv driver only)")
 startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)")
- // docker & podman
+ // docker
 startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker driver only)")
+
+ // docker & podman
 startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)")
 }
From bad8561d0de78e8a764dabb6a3b6d2553f9ea36d Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Mon, 1 Mar 2021 23:06:13 +0100
Subject: [PATCH 06/11] Skip custom listenAddress if equal to default
---
 pkg/drivers/kic/kic.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index b47cf7140428..56f6fe1e551e 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -104,7 +104,7 @@ func (d *Driver) Create() error {
 drv := d.DriverName()
 listAddr := oci.DefaultBindIPV4
- if d.NodeConfig.ListenAddress != "" {
+ if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
 out.WarningT("Listening to {{.listenAddr}}. Please be advised",
 out.V{"listenAddr": d.NodeConfig.ListenAddress})
 listAddr = d.NodeConfig.ListenAddress
From 9b5a96e76d6704cc02e0d4dbf963b7e8985b4652 Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Mon, 1 Mar 2021 23:09:58 +0100
Subject: [PATCH 07/11] Make warning more informative for --listen-address
---
 pkg/drivers/kic/kic.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index 56f6fe1e551e..39c56b3cb3d3 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -105,7 +105,7 @@ func (d *Driver) Create() error {
 listAddr := oci.DefaultBindIPV4
 if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
- out.WarningT("Listening to {{.listenAddr}}. Please be advised",
+ out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
 out.V{"listenAddr": d.NodeConfig.ListenAddress})
 listAddr = d.NodeConfig.ListenAddress
 } else if oci.IsExternalDaemonHost(drv) {
From bb5bf9546c5750e45db51b5e11fbe8ddba8b99d1 Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Tue, 2 Mar 2021 20:21:39 +0100
Subject: [PATCH 08/11] Add info message about not using it for production
To add more context to the warning message for --listen-address
---
 pkg/drivers/kic/kic.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index 39c56b3cb3d3..6158ae33883f 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
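Review bot: The `&& d.NodeConfig.ListenAddress != listAddr` test added in PATCH 06/11 makes an explicit `--listen-address` equal to `oci.DefaultBindIPV4` fall through to the `else if oci.IsExternalDaemonHost(drv)` branch, which sets `listAddr = "0.0.0.0"` (shown in PATCH 01/11), so on an external daemon host a user who asked for the default address gets ports published on every interface; the commit message does not say this is intended. If the goal is only to silence the warning for the default, keep the branch condition as `if d.NodeConfig.ListenAddress != "" {` and wrap just the messages in `if d.NodeConfig.ListenAddress != oci.DefaultBindIPV4 { ... }`. The string comparison also treats every other spelling as non-default, so a loopback address other than the default would still be reported as exposed; parsing the value and checking `IsLoopback()` would keep the warning accurate. Create() begins and ends outside the hunk.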
@@ -107,6 +107,7 @@ func (d *Driver) Create() error {
 if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
 out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
 out.V{"listenAddr": d.NodeConfig.ListenAddress})
+ out.Infof("minikube is not meant for production use. you are opening non-local traffic")
 listAddr = d.NodeConfig.ListenAddress
 } else if oci.IsExternalDaemonHost(drv) {
 out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
From 29a7145e9da9b9e35e04a93c14126080ce8e0aec Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Tue, 2 Mar 2021 20:35:38 +0100
Subject: [PATCH 09/11] Add podman support for --listen-address
---
 cmd/minikube/cmd/start_flags.go | 4 +---
 pkg/minikube/config/types.go | 2 +-
 pkg/minikube/registry/drvs/podman/podman.go | 1 +
 site/content/en/docs/commands/start.md | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
index b307932d3a03..1a960b1b34ed 100644
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@@ -215,10 +215,8 @@ func initDriverFlags() {
 startCmd.Flags().Bool(hypervUseExternalSwitch, false, "Whether to use external switch over Default Switch if virtual switch not explicitly specified. (hyperv driver only)")
 startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)")
- // docker
- startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker driver only)")
-
 // docker & podman
+ startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker and podman driver only)")
 startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)")
 }
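Review bot: The help string for `--listen-address` in initDriverFlags (PATCH 09/11) states neither the default nor the consequence of changing it; the flag default is `""` and the effective address is chosen only later in the kic driver from `oci.DefaultBindIPV4`. The driver itself warns that a custom address "can cause a security vulnerability", so the usage text should carry that caveat before the user sets the flag, for example `"IP address to publish the cluster's ports on; leave unset for the driver default, any other address may expose them to other hosts (docker and podman driver only)"`. site/content/en/docs/commands/start.md repeats this string and would need regenerating with it.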
diff --git a/pkg/minikube/config/types.go b/pkg/minikube/config/types.go
index 7da97869eed4..c1017aca9fe4 100644
--- a/pkg/minikube/config/types.go
+++ b/pkg/minikube/config/types.go
@@ -77,8 +77,8 @@ type ClusterConfig struct {
 StartHostTimeout time.Duration
 ScheduledStop *ScheduledStopConfig
 ExposedPorts []string // Only used by the docker and podman driver
+ ListenAddress string // Only used by the docker and podman driver
 Network string // only used by docker driver
- ListenAddress string // Only used by docker driver
 MultiNodeRequested bool
 }
diff --git a/pkg/minikube/registry/drvs/podman/podman.go b/pkg/minikube/registry/drvs/podman/podman.go
index ef74aac63b74..413ba05070f9 100644
--- a/pkg/minikube/registry/drvs/podman/podman.go
+++ b/pkg/minikube/registry/drvs/podman/podman.go
@@ -89,6 +89,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) {
 KubernetesVersion: cc.KubernetesConfig.KubernetesVersion,
 ContainerRuntime: cc.KubernetesConfig.ContainerRuntime,
 ExtraArgs: extraArgs,
+ ListenAddress: cc.ListenAddress,
 }), nil
 }
diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md
index 7f4bf63becca..95641a525a89 100644
--- a/site/content/en/docs/commands/start.md
+++ b/site/content/en/docs/commands/start.md
@@ -71,7 +71,7 @@ minikube start [flags]
 --kvm-hidden Hide the hypervisor signature from the guest in minikube (kvm2 driver only)
 --kvm-network string The KVM network name. (kvm2 driver only) (default "default")
 --kvm-qemu-uri string The KVM QEMU connection URI. (kvm2 driver only) (default "qemu:///system")
- --listen-address string IP Address to use to expose ports (docker driver only)
+ --listen-address string IP Address to use to expose ports (docker and podman driver only)
 --memory string Amount of RAM to allocate to Kubernetes (format: [], where unit = b, k, m or g).
 --mount This will start the mount daemon and automatically mount files into minikube.
 --mount-string string The argument to pass the minikube mount command on start.
From 0d1d169bf63d59d61bc63c29fd674ef1a5918823 Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Wed, 3 Mar 2021 17:07:23 +0100
Subject: [PATCH 10/11] Set non-local traffic message as a Tip message
To stay consistent with other messages. Also moved it above the warning message regarding what IP is set as listen-address to make more sense in the message flow.
---
 pkg/drivers/kic/kic.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index 6158ae33883f..8086e1ba0b28 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -42,6 +42,7 @@ import (
 "k8s.io/minikube/pkg/minikube/download"
 "k8s.io/minikube/pkg/minikube/driver"
 "k8s.io/minikube/pkg/minikube/out"
+ "k8s.io/minikube/pkg/minikube/style"
 "k8s.io/minikube/pkg/minikube/sysinit"
 "k8s.io/minikube/pkg/util/retry"
 )
@@ -105,9 +106,9 @@ func (d *Driver) Create() error {
 listAddr := oci.DefaultBindIPV4
 if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
+ out.Step(style.Tip, "Minikube is not meant for production use. You are opening non-local traffic")
 out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
 out.V{"listenAddr": d.NodeConfig.ListenAddress})
- out.Infof("minikube is not meant for production use. you are opening non-local traffic")
 listAddr = d.NodeConfig.ListenAddress
 } else if oci.IsExternalDaemonHost(drv) {
 out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
From 3110bd15fcbcc8cee5ab593848418c373c9d08c6 Mon Sep 17 00:00:00 2001
From: Patrik Freij
Date: Fri, 5 Mar 2021 15:50:52 +0100
Subject: [PATCH 11/11] Lowercase minikube in information message
---
 pkg/drivers/kic/kic.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
index 8086e1ba0b28..17a3b0eacd51 100644
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -106,7 +106,7 @@ func (d *Driver) Create() error {
 listAddr := oci.DefaultBindIPV4
 if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
- out.Step(style.Tip, "Minikube is not meant for production use. You are opening non-local traffic")
+ out.Step(style.Tip, "minikube is not meant for production use. You are opening non-local traffic")
 out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
 out.V{"listenAddr": d.NodeConfig.ListenAddress})
 listAddr = d.NodeConfig.ListenAddress