-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Flexible handling of IPv6 address formats for bind_address of spire-server and health-checks #5623
Conversation
Signed-off-by: Szilard Vincze <szilard.vincze@est.tech>
A little hesitant to take this change since |
Hi @azdagron, thanks for checking this PR.
I see your point and it was my first reaction too when I bumped into this problem. But as I checked the configuration and the code I found that In my opinion this PR should be taken to handle the IPv6 addresses in a consistent way in spire. |
Ah, i misunderstood. Yes, I agree SPIRE should handle this gracefully. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @szvincze for this contribution!
@szvincze could you please update the branch with the latest from the main branch so we can merge it? |
Done. |
Pull Request check list
Affected functionality
Configuration of bind_address for spire-server and health-checks.
We use status.podIP field in the configuration file to automatically set the bind address and similarly for health-check's too. It causes the following fault if the pod IP is an IPv6 address because it comes without square brackets:
could not resolve bind address ":::8081": address :::8081: too many colons in address
Similar happens in the health subsystem when the health check address is an IPv6 address in the same format:
Description of change
The string concatenation is replaced by net.JoinHostPort function that properly formats the IPv6 addresses too.
IPv6 addresses formatted this way are accepted for both spire-server and health-check bind_address and the automation works fine: