kubernetes · medyagh · Mar 5, 2021 · Feb 28, 2021 · Feb 28, 2021 · Mar 1, 2021
diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go
@@ -1079,6 +1079,10 @@ func validateFlags(cmd *cobra.Command, drvName string) {
 		validateChangedMemoryFlags(drvName)
 	}
 
+	if cmd.Flags().Changed(listenAddress) {
+		validateListenAddress(viper.GetString(listenAddress))
+	}
+
 	if cmd.Flags().Changed(containerRuntime) {
 		runtime := strings.ToLower(viper.GetString(containerRuntime))
 
@@ -1199,6 +1203,14 @@ func validateRegistryMirror() {
 	}
 }
 
+// This function validates if the --listen-address
+// match the format 0.0.0.0
+func validateListenAddress(listenAddr string) {
+	if len(listenAddr) > 0 && net.ParseIP(listenAddr) == nil {
+		exit.Message(reason.Usage, "Sorry, the IP provided with the --listen-address flag is invalid: {{.listenAddr}}.", out.V{"listenAddr": listenAddr})
+	}
+}
+
 // This function validates that the --insecure-registry follows one of the following formats:
 // "<ip>[:<port>]" "<hostname>[:<port>]" "<network>/<netmask>"
 func validateInsecureRegistry() {

diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
@@ -116,6 +116,7 @@ const (
 	sshSSHPort              = "ssh-port"
 	defaultSSHUser          = "root"
 	defaultSSHPort          = 22
+	listenAddress           = "listen-address"
 )
 
 var (
@@ -215,6 +216,7 @@ func initDriverFlags() {
 	startCmd.Flags().String(hypervExternalAdapter, "", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)")
 
 	// docker & podman
+	startCmd.Flags().String(listenAddress, "", "IP Address to use to expose ports (docker and podman driver only)")
 	startCmd.Flags().StringSlice(ports, []string{}, "List of ports that should be exposed (docker and podman driver only)")
 }
 
@@ -322,6 +324,7 @@ func generateClusterConfig(cmd *cobra.Command, existing *config.ClusterConfig, k
 			CPUs:                    viper.GetInt(cpus),
 			DiskSize:                diskSize,
 			Driver:                  drvName,
+			ListenAddress:           viper.GetString(listenAddress),
 			HyperkitVpnKitSock:      viper.GetString(vpnkitSock),
 			HyperkitVSockPorts:      viper.GetStringSlice(vsockPorts),
 			NFSShare:                viper.GetStringSlice(nfsShare),

diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go
@@ -42,6 +42,7 @@ import (
 	"k8s.io/minikube/pkg/minikube/download"
 	"k8s.io/minikube/pkg/minikube/driver"
 	"k8s.io/minikube/pkg/minikube/out"
+	"k8s.io/minikube/pkg/minikube/style"
 	"k8s.io/minikube/pkg/minikube/sysinit"
 	"k8s.io/minikube/pkg/util/retry"
 )
@@ -102,8 +103,14 @@ func (d *Driver) Create() error {
 		params.IP = ip.String()
 	}
 	drv := d.DriverName()
+
 	listAddr := oci.DefaultBindIPV4
-	if oci.IsExternalDaemonHost(drv) {
+	if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
+		out.Step(style.Tip, "minikube is not meant for production use. You are opening non-local traffic")
+		out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
+			out.V{"listenAddr": d.NodeConfig.ListenAddress})
+		listAddr = d.NodeConfig.ListenAddress
+	} else if oci.IsExternalDaemonHost(drv) {
 		out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
 			out.V{"host": oci.DaemonHost(drv)})
 		listAddr = "0.0.0.0"

diff --git a/pkg/drivers/kic/types.go b/pkg/drivers/kic/types.go
@@ -62,4 +62,5 @@ type Config struct {
 	ContainerRuntime  string            // container runtime kic is running
 	Network           string            //  network to run with kic
 	ExtraArgs         []string          // a list of any extra option to pass to oci binary during creation time, for example --expose 8080...
+	ListenAddress     string            // IP Address to listen to
 }
diff --git a/pkg/minikube/config/types.go b/pkg/minikube/config/types.go
@@ -77,6 +77,7 @@ type ClusterConfig struct {
 	StartHostTimeout        time.Duration
 	ScheduledStop           *ScheduledStopConfig
 	ExposedPorts            []string // Only used by the docker and podman driver
+	ListenAddress           string   // Only used by the docker and podman driver
 	Network                 string   // only used by docker driver
 	MultiNodeRequested      bool
 }

diff --git a/pkg/minikube/registry/drvs/docker/docker.go b/pkg/minikube/registry/drvs/docker/docker.go
@@ -83,6 +83,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) {
 		ContainerRuntime:  cc.KubernetesConfig.ContainerRuntime,
 		ExtraArgs:         extraArgs,
 		Network:           cc.Network,
+		ListenAddress:     cc.ListenAddress,
 	}), nil
 }
 

diff --git a/pkg/minikube/registry/drvs/podman/podman.go b/pkg/minikube/registry/drvs/podman/podman.go
@@ -89,6 +89,7 @@ func configure(cc config.ClusterConfig, n config.Node) (interface{}, error) {
 		KubernetesVersion: cc.KubernetesConfig.KubernetesVersion,
 		ContainerRuntime:  cc.KubernetesConfig.ContainerRuntime,
 		ExtraArgs:         extraArgs,
+		ListenAddress:     cc.ListenAddress,
 	}), nil
 }
 

diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md
@@ -71,6 +71,7 @@ minikube start [flags]
       --kvm-hidden                        Hide the hypervisor signature from the guest in minikube (kvm2 driver only)
       --kvm-network string                The KVM network name. (kvm2 driver only) (default "default")
       --kvm-qemu-uri string               The KVM QEMU connection URI. (kvm2 driver only) (default "qemu:///system")
+      --listen-address string             IP Address to use to expose ports (docker and podman driver only)
       --memory string                     Amount of RAM to allocate to Kubernetes (format: <number>[<unit>], where unit = b, k, m or g).
       --mount                             This will start the mount daemon and automatically mount files into minikube.
       --mount-string string               The argument to pass the minikube mount command on start.