run hack/update-netparse-cve.sh
This commit is contained in:
Antonio Ojea
@@ -96,14 +96,14 @@ func startNodeIpamController(ccmConfig *cloudcontrollerconfig.CompletedConfig, n
|
||||
|
||||
// service cidr processing
|
||||
if len(strings.TrimSpace(nodeIPAMConfig.ServiceCIDR)) != 0 {
|
||||
_, serviceCIDR, err = net.ParseCIDR(nodeIPAMConfig.ServiceCIDR)
|
||||
_, serviceCIDR, err = netutils.ParseCIDRSloppy(nodeIPAMConfig.ServiceCIDR)
|
||||
if err != nil {
|
||||
klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", nodeIPAMConfig.ServiceCIDR, err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(strings.TrimSpace(nodeIPAMConfig.SecondaryServiceCIDR)) != 0 {
|
||||
_, secondaryServiceCIDR, err = net.ParseCIDR(nodeIPAMConfig.SecondaryServiceCIDR)
|
||||
_, secondaryServiceCIDR, err = netutils.ParseCIDRSloppy(nodeIPAMConfig.SecondaryServiceCIDR)
|
||||
if err != nil {
|
||||
klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", nodeIPAMConfig.SecondaryServiceCIDR, err)
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
|
||||
kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
|
||||
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func TestAddFlags(t *testing.T) {
|
||||
@@ -124,12 +125,12 @@ func TestAddFlags(t *testing.T) {
|
||||
// This is a snapshot of expected options parsed by args.
|
||||
expected := &ServerRunOptions{
|
||||
ServiceNodePortRange: kubeoptions.DefaultServiceNodePortRange,
|
||||
ServiceClusterIPRanges: (&net.IPNet{IP: net.ParseIP("192.168.128.0"), Mask: net.CIDRMask(17, 32)}).String(),
|
||||
ServiceClusterIPRanges: (&net.IPNet{IP: netutils.ParseIPSloppy("192.168.128.0"), Mask: net.CIDRMask(17, 32)}).String(),
|
||||
MasterCount: 5,
|
||||
EndpointReconcilerType: string(reconcilers.LeaseEndpointReconcilerType),
|
||||
AllowPrivileged: false,
|
||||
GenericServerRunOptions: &apiserveroptions.ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
@@ -175,7 +176,7 @@ func TestAddFlags(t *testing.T) {
|
||||
DefaultWatchCacheSize: 100,
|
||||
},
|
||||
SecureServing: (&apiserveroptions.SecureServingOptions{
|
||||
BindAddress: net.ParseIP("192.168.10.20"),
|
||||
BindAddress: netutils.ParseIPSloppy("192.168.10.20"),
|
||||
BindPort: 6443,
|
||||
ServerCert: apiserveroptions.GeneratableKeyCert{
|
||||
CertDirectory: "/var/run/kubernetes",
|
||||
|
||||
@@ -23,6 +23,7 @@ import (
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
featuregatetesting "k8s.io/component-base/featuregate/testing"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func makeOptionsWithCIDRs(serviceCIDR string, secondaryServiceCIDR string) *ServerRunOptions {
|
||||
@@ -33,14 +34,14 @@ func makeOptionsWithCIDRs(serviceCIDR string, secondaryServiceCIDR string) *Serv
|
||||
|
||||
var primaryCIDR, secondaryCIDR net.IPNet
|
||||
if len(serviceCIDR) > 0 {
|
||||
_, cidr, _ := net.ParseCIDR(serviceCIDR)
|
||||
_, cidr, _ := netutils.ParseCIDRSloppy(serviceCIDR)
|
||||
if cidr != nil {
|
||||
primaryCIDR = *(cidr)
|
||||
}
|
||||
}
|
||||
|
||||
if len(secondaryServiceCIDR) > 0 {
|
||||
_, cidr, _ := net.ParseCIDR(secondaryServiceCIDR)
|
||||
_, cidr, _ := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
|
||||
if cidr != nil {
|
||||
secondaryCIDR = *(cidr)
|
||||
}
|
||||
@@ -151,7 +152,7 @@ func TestClusterServiceIPRange(t *testing.T) {
|
||||
}
|
||||
|
||||
func getIPnetFromCIDR(cidr string) *net.IPNet {
|
||||
_, ipnet, _ := net.ParseCIDR(cidr)
|
||||
_, ipnet, _ := netutils.ParseCIDRSloppy(cidr)
|
||||
return ipnet
|
||||
}
|
||||
|
||||
|
||||
@@ -61,6 +61,7 @@ import (
|
||||
"k8s.io/klog/v2"
|
||||
aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
|
||||
aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
|
||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||
@@ -670,7 +671,7 @@ func getServiceIPAndRanges(serviceClusterIPRanges string) (net.IP, net.IPNet, ne
|
||||
return apiServerServiceIP, primaryServiceIPRange, net.IPNet{}, nil
|
||||
}
|
||||
|
||||
_, primaryServiceClusterCIDR, err := net.ParseCIDR(serviceClusterIPRangeList[0])
|
||||
_, primaryServiceClusterCIDR, err := netutils.ParseCIDRSloppy(serviceClusterIPRangeList[0])
|
||||
if err != nil {
|
||||
return net.IP{}, net.IPNet{}, net.IPNet{}, fmt.Errorf("service-cluster-ip-range[0] is not a valid cidr")
|
||||
}
|
||||
@@ -683,7 +684,7 @@ func getServiceIPAndRanges(serviceClusterIPRanges string) (net.IP, net.IPNet, ne
|
||||
// user provided at least two entries
|
||||
// note: validation asserts that the list is max of two dual stack entries
|
||||
if len(serviceClusterIPRangeList) > 1 {
|
||||
_, secondaryServiceClusterCIDR, err := net.ParseCIDR(serviceClusterIPRangeList[1])
|
||||
_, secondaryServiceClusterCIDR, err := netutils.ParseCIDRSloppy(serviceClusterIPRangeList[1])
|
||||
if err != nil {
|
||||
return net.IP{}, net.IPNet{}, net.IPNet{}, fmt.Errorf("service-cluster-ip-range[1] is not an ip net")
|
||||
}
|
||||
|
||||
@@ -127,14 +127,14 @@ func startNodeIpamController(ctx ControllerContext) (http.Handler, bool, error)
|
||||
|
||||
// service cidr processing
|
||||
if len(strings.TrimSpace(ctx.ComponentConfig.NodeIPAMController.ServiceCIDR)) != 0 {
|
||||
_, serviceCIDR, err = net.ParseCIDR(ctx.ComponentConfig.NodeIPAMController.ServiceCIDR)
|
||||
_, serviceCIDR, err = netutils.ParseCIDRSloppy(ctx.ComponentConfig.NodeIPAMController.ServiceCIDR)
|
||||
if err != nil {
|
||||
klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", ctx.ComponentConfig.NodeIPAMController.ServiceCIDR, err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(strings.TrimSpace(ctx.ComponentConfig.NodeIPAMController.SecondaryServiceCIDR)) != 0 {
|
||||
_, secondaryServiceCIDR, err = net.ParseCIDR(ctx.ComponentConfig.NodeIPAMController.SecondaryServiceCIDR)
|
||||
_, secondaryServiceCIDR, err = netutils.ParseCIDRSloppy(ctx.ComponentConfig.NodeIPAMController.SecondaryServiceCIDR)
|
||||
if err != nil {
|
||||
klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", ctx.ComponentConfig.NodeIPAMController.SecondaryServiceCIDR, err)
|
||||
}
|
||||
|
||||
@@ -45,6 +45,7 @@ import (
|
||||
kubectrlmgrconfigscheme "k8s.io/kubernetes/pkg/controller/apis/config/scheme"
|
||||
"k8s.io/kubernetes/pkg/controller/garbagecollector"
|
||||
garbagecollectorconfig "k8s.io/kubernetes/pkg/controller/garbagecollector/config"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
// add the kubernetes feature gates
|
||||
_ "k8s.io/kubernetes/pkg/features"
|
||||
@@ -427,7 +428,7 @@ func (s KubeControllerManagerOptions) Config(allControllers []string, disabledBy
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
|
||||
if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{netutils.ParseIPSloppy("127.0.0.1")}); err != nil {
|
||||
return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,6 @@ limitations under the License.
|
||||
package options
|
||||
|
||||
import (
|
||||
"net"
|
||||
"reflect"
|
||||
"sort"
|
||||
"testing"
|
||||
@@ -61,6 +60,7 @@ import (
|
||||
attachdetachconfig "k8s.io/kubernetes/pkg/controller/volume/attachdetach/config"
|
||||
ephemeralvolumeconfig "k8s.io/kubernetes/pkg/controller/volume/ephemeral/config"
|
||||
persistentvolumeconfig "k8s.io/kubernetes/pkg/controller/volume/persistentvolume/config"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
var args = []string{
|
||||
@@ -403,7 +403,7 @@ func TestAddFlags(t *testing.T) {
|
||||
},
|
||||
SecureServing: (&apiserveroptions.SecureServingOptions{
|
||||
BindPort: 10001,
|
||||
BindAddress: net.ParseIP("192.168.4.21"),
|
||||
BindAddress: netutils.ParseIPSloppy("192.168.4.21"),
|
||||
ServerCert: apiserveroptions.GeneratableKeyCert{
|
||||
CertDirectory: "/a/b/c",
|
||||
PairName: "kube-controller-manager",
|
||||
|
||||
@@ -86,7 +86,7 @@ import (
|
||||
utilipvs "k8s.io/kubernetes/pkg/util/ipvs"
|
||||
"k8s.io/kubernetes/pkg/util/oom"
|
||||
"k8s.io/utils/exec"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
)
|
||||
|
||||
@@ -836,13 +836,13 @@ func (s *ProxyServer) CleanupAndExit() error {
|
||||
// 2. the primary IP from the Node object, if set
|
||||
// 3. if no IP is found it defaults to 127.0.0.1 and IPv4
|
||||
func detectNodeIP(client clientset.Interface, hostname, bindAddress string) net.IP {
|
||||
nodeIP := net.ParseIP(bindAddress)
|
||||
nodeIP := netutils.ParseIPSloppy(bindAddress)
|
||||
if nodeIP.IsUnspecified() {
|
||||
nodeIP = utilnode.GetNodeIP(client, hostname)
|
||||
}
|
||||
if nodeIP == nil {
|
||||
klog.V(0).Infof("can't determine this node's IP, assuming 127.0.0.1; if this is incorrect, please set the --bind-address flag")
|
||||
nodeIP = net.ParseIP("127.0.0.1")
|
||||
nodeIP = netutils.ParseIPSloppy("127.0.0.1")
|
||||
}
|
||||
return nodeIP
|
||||
}
|
||||
@@ -853,8 +853,8 @@ func detectNodeIP(client clientset.Interface, hostname, bindAddress string) net.
|
||||
func nodeIPTuple(bindAddress string) [2]net.IP {
|
||||
nodes := [2]net.IP{net.IPv4zero, net.IPv6zero}
|
||||
|
||||
adr := net.ParseIP(bindAddress)
|
||||
if utilsnet.IsIPv6(adr) {
|
||||
adr := netutils.ParseIPSloppy(bindAddress)
|
||||
if netutils.IsIPv6(adr) {
|
||||
nodes[1] = adr
|
||||
} else {
|
||||
nodes[0] = adr
|
||||
|
||||
@@ -24,7 +24,6 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
goruntime "runtime"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -65,7 +64,7 @@ import (
|
||||
utilnode "k8s.io/kubernetes/pkg/util/node"
|
||||
utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
|
||||
"k8s.io/utils/exec"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
)
|
||||
@@ -177,7 +176,7 @@ func newProxyServer(
|
||||
klog.V(2).InfoS("DetectLocalMode", "LocalMode", string(detectLocalMode))
|
||||
|
||||
primaryProtocol := utiliptables.ProtocolIPv4
|
||||
if utilsnet.IsIPv6(nodeIP) {
|
||||
if netutils.IsIPv6(nodeIP) {
|
||||
primaryProtocol = utiliptables.ProtocolIPv6
|
||||
}
|
||||
iptInterface = utiliptables.New(execer, primaryProtocol)
|
||||
@@ -350,7 +349,7 @@ func newProxyServer(
|
||||
// TODO this has side effects that should only happen when Run() is invoked.
|
||||
proxier, err = userspace.NewProxier(
|
||||
userspace.NewLoadBalancerRR(),
|
||||
net.ParseIP(config.BindAddress),
|
||||
netutils.ParseIPSloppy(config.BindAddress),
|
||||
iptInterface,
|
||||
execer,
|
||||
*utilnet.ParsePortRangeOrDie(config.PortRange),
|
||||
@@ -504,7 +503,7 @@ func getDualStackLocalDetectorTuple(mode proxyconfigapi.LocalMode, config *proxy
|
||||
}
|
||||
// localDetectors, like ipt, need to be of the order [IPv4, IPv6], but PodCIDRs is setup so that PodCIDRs[0] == PodCIDR.
|
||||
// so have to handle the case where PodCIDR can be IPv6 and set that to localDetectors[1]
|
||||
if utilsnet.IsIPv6CIDRString(nodeInfo.Spec.PodCIDR) {
|
||||
if netutils.IsIPv6CIDRString(nodeInfo.Spec.PodCIDR) {
|
||||
localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(nodeInfo.Spec.PodCIDR, ipt[1])
|
||||
if err != nil {
|
||||
return localDetectors, err
|
||||
@@ -538,7 +537,7 @@ func cidrTuple(cidrList string) [2]string {
|
||||
foundIPv6 := false
|
||||
|
||||
for _, cidr := range strings.Split(cidrList, ",") {
|
||||
if utilsnet.IsIPv6CIDRString(cidr) && !foundIPv6 {
|
||||
if netutils.IsIPv6CIDRString(cidr) && !foundIPv6 {
|
||||
cidrs[1] = cidr
|
||||
foundIPv6 = true
|
||||
} else if !foundIPv4 {
|
||||
|
||||
@@ -26,6 +26,7 @@ import (
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
clientsetfake "k8s.io/client-go/kubernetes/fake"
|
||||
|
||||
@@ -232,21 +233,21 @@ func Test_detectNodeIP(t *testing.T) {
|
||||
nodeInfo: makeNodeWithAddresses("", "", ""),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "10.0.0.1",
|
||||
expectedIP: net.ParseIP("10.0.0.1"),
|
||||
expectedIP: netutils.ParseIPSloppy("10.0.0.1"),
|
||||
},
|
||||
{
|
||||
name: "Bind address IPv6 unicast address and no Node object",
|
||||
nodeInfo: makeNodeWithAddresses("", "", ""),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "fd00:4321::2",
|
||||
expectedIP: net.ParseIP("fd00:4321::2"),
|
||||
expectedIP: netutils.ParseIPSloppy("fd00:4321::2"),
|
||||
},
|
||||
{
|
||||
name: "No Valid IP found",
|
||||
nodeInfo: makeNodeWithAddresses("", "", ""),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "",
|
||||
expectedIP: net.ParseIP("127.0.0.1"),
|
||||
expectedIP: netutils.ParseIPSloppy("127.0.0.1"),
|
||||
},
|
||||
// Disabled because the GetNodeIP method has a backoff retry mechanism
|
||||
// and the test takes more than 30 seconds
|
||||
@@ -256,63 +257,63 @@ func Test_detectNodeIP(t *testing.T) {
|
||||
// nodeInfo: makeNodeWithAddresses("", "", ""),
|
||||
// hostname: "fakeHost",
|
||||
// bindAddress: "0.0.0.0",
|
||||
// expectedIP: net.ParseIP("127.0.0.1"),
|
||||
// expectedIP: net.IP{127,0,0,1),
|
||||
// },
|
||||
{
|
||||
name: "Bind address 0.0.0.0 and node with IPv4 InternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "192.168.1.1", "90.90.90.90"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "0.0.0.0",
|
||||
expectedIP: net.ParseIP("192.168.1.1"),
|
||||
expectedIP: netutils.ParseIPSloppy("192.168.1.1"),
|
||||
},
|
||||
{
|
||||
name: "Bind address :: and node with IPv4 InternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "192.168.1.1", "90.90.90.90"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "::",
|
||||
expectedIP: net.ParseIP("192.168.1.1"),
|
||||
expectedIP: netutils.ParseIPSloppy("192.168.1.1"),
|
||||
},
|
||||
{
|
||||
name: "Bind address 0.0.0.0 and node with IPv6 InternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "fd00:1234::1", "2001:db8::2"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "0.0.0.0",
|
||||
expectedIP: net.ParseIP("fd00:1234::1"),
|
||||
expectedIP: netutils.ParseIPSloppy("fd00:1234::1"),
|
||||
},
|
||||
{
|
||||
name: "Bind address :: and node with IPv6 InternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "fd00:1234::1", "2001:db8::2"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "::",
|
||||
expectedIP: net.ParseIP("fd00:1234::1"),
|
||||
expectedIP: netutils.ParseIPSloppy("fd00:1234::1"),
|
||||
},
|
||||
{
|
||||
name: "Bind address 0.0.0.0 and node with only IPv4 ExternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "", "90.90.90.90"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "0.0.0.0",
|
||||
expectedIP: net.ParseIP("90.90.90.90"),
|
||||
expectedIP: netutils.ParseIPSloppy("90.90.90.90"),
|
||||
},
|
||||
{
|
||||
name: "Bind address :: and node with only IPv4 ExternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "", "90.90.90.90"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "::",
|
||||
expectedIP: net.ParseIP("90.90.90.90"),
|
||||
expectedIP: netutils.ParseIPSloppy("90.90.90.90"),
|
||||
},
|
||||
{
|
||||
name: "Bind address 0.0.0.0 and node with only IPv6 ExternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "", "2001:db8::2"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "0.0.0.0",
|
||||
expectedIP: net.ParseIP("2001:db8::2"),
|
||||
expectedIP: netutils.ParseIPSloppy("2001:db8::2"),
|
||||
},
|
||||
{
|
||||
name: "Bind address :: and node with only IPv6 ExternalIP set",
|
||||
nodeInfo: makeNodeWithAddresses("fakeHost", "", "2001:db8::2"),
|
||||
hostname: "fakeHost",
|
||||
bindAddress: "::",
|
||||
expectedIP: net.ParseIP("2001:db8::2"),
|
||||
expectedIP: netutils.ParseIPSloppy("2001:db8::2"),
|
||||
},
|
||||
}
|
||||
for _, c := range cases {
|
||||
|
||||
@@ -23,7 +23,6 @@ package app
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
goruntime "runtime"
|
||||
|
||||
// Enable pprof HTTP handlers.
|
||||
@@ -45,6 +44,7 @@ import (
|
||||
utilnetsh "k8s.io/kubernetes/pkg/util/netsh"
|
||||
utilnode "k8s.io/kubernetes/pkg/util/node"
|
||||
"k8s.io/utils/exec"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
// NewProxyServer returns a new ProxyServer.
|
||||
@@ -148,7 +148,7 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
|
||||
|
||||
proxier, err = winuserspace.NewProxier(
|
||||
winuserspace.NewLoadBalancerRR(),
|
||||
net.ParseIP(config.BindAddress),
|
||||
netutils.ParseIPSloppy(config.BindAddress),
|
||||
netshInterface,
|
||||
*utilnet.ParsePortRangeOrDie(config.PortRange),
|
||||
// TODO @pires replace below with default values, if applicable
|
||||
|
||||
@@ -26,6 +26,7 @@ import (
|
||||
apiserveroptions "k8s.io/apiserver/pkg/server/options"
|
||||
schedulerappconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
|
||||
kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
// CombinedInsecureServingOptions sets up to two insecure listeners for healthz and metrics. The flags
|
||||
@@ -78,11 +79,11 @@ func (o *CombinedInsecureServingOptions) ApplyTo(c *schedulerappconfig.Config, c
|
||||
|
||||
if o.Healthz != nil {
|
||||
o.Healthz.BindPort = o.BindPort
|
||||
o.Healthz.BindAddress = net.ParseIP(o.BindAddress)
|
||||
o.Healthz.BindAddress = netutils.ParseIPSloppy(o.BindAddress)
|
||||
}
|
||||
if o.Metrics != nil {
|
||||
o.Metrics.BindPort = o.BindPort
|
||||
o.Metrics.BindAddress = net.ParseIP(o.BindAddress)
|
||||
o.Metrics.BindAddress = netutils.ParseIPSloppy(o.BindAddress)
|
||||
}
|
||||
|
||||
return o.applyTo(c, componentConfig)
|
||||
@@ -125,7 +126,7 @@ func updateDeprecatedInsecureServingOptionsFromAddress(is *apiserveroptions.Depr
|
||||
} else {
|
||||
// In the previous `validate` process, we can ensure that the `addr` is legal, so ignore the error
|
||||
host, portInt, _ := splitHostIntPort(addr)
|
||||
is.BindAddress = net.ParseIP(host)
|
||||
is.BindAddress = netutils.ParseIPSloppy(host)
|
||||
is.BindPort = portInt
|
||||
}
|
||||
}
|
||||
@@ -142,7 +143,7 @@ func (o *CombinedInsecureServingOptions) Validate() []error {
|
||||
errors = append(errors, fmt.Errorf("--port %v must be between 0 and 65535, inclusive. 0 for turning off insecure (HTTP) port", o.BindPort))
|
||||
}
|
||||
|
||||
if len(o.BindAddress) > 0 && net.ParseIP(o.BindAddress) == nil {
|
||||
if len(o.BindAddress) > 0 && netutils.ParseIPSloppy(o.BindAddress) == nil {
|
||||
errors = append(errors, fmt.Errorf("--address %v is an invalid IP address", o.BindAddress))
|
||||
}
|
||||
|
||||
|
||||
@@ -45,6 +45,7 @@ import (
|
||||
kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
|
||||
"k8s.io/kubernetes/pkg/scheduler/apis/config/latest"
|
||||
"k8s.io/kubernetes/pkg/scheduler/apis/config/validation"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
// Options has all the params needed to run a Scheduler
|
||||
@@ -286,7 +287,7 @@ func (o *Options) Validate() []error {
|
||||
// Config return a scheduler config object
|
||||
func (o *Options) Config() (*schedulerappconfig.Config, error) {
|
||||
if o.SecureServing != nil {
|
||||
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
|
||||
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{netutils.ParseIPSloppy("127.0.0.1")}); err != nil {
|
||||
return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,6 +20,8 @@ import (
|
||||
"net"
|
||||
"strconv"
|
||||
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
@@ -29,7 +31,7 @@ func APIEndpointFromString(apiEndpoint string) (APIEndpoint, error) {
|
||||
if err != nil {
|
||||
return APIEndpoint{}, errors.Wrapf(err, "invalid advertise address endpoint: %s", apiEndpoint)
|
||||
}
|
||||
if net.ParseIP(apiEndpointHost) == nil {
|
||||
if netutils.ParseIPSloppy(apiEndpointHost) == nil {
|
||||
return APIEndpoint{}, errors.Errorf("invalid API endpoint IP: %s", apiEndpointHost)
|
||||
}
|
||||
apiEndpointPort, err := net.LookupPort("tcp", apiEndpointPortStr)
|
||||
|
||||
@@ -34,7 +34,7 @@ import (
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
bootstraputil "k8s.io/cluster-bootstrap/token/util"
|
||||
"k8s.io/klog/v2"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
bootstraptokenv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/bootstraptoken/v1"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
@@ -319,7 +319,7 @@ func ValidateCertSANs(altnames []string, fldPath *field.Path) field.ErrorList {
|
||||
for _, altname := range altnames {
|
||||
if errs := validation.IsDNS1123Subdomain(altname); len(errs) != 0 {
|
||||
if errs2 := validation.IsWildcardDNS1123Subdomain(altname); len(errs2) != 0 {
|
||||
if net.ParseIP(altname) == nil {
|
||||
if netutils.ParseIPSloppy(altname) == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, altname, fmt.Sprintf("altname is not a valid IP address, DNS label or a DNS label with subdomain wildcards: %s; %s", strings.Join(errs, "; "), strings.Join(errs2, "; "))))
|
||||
}
|
||||
}
|
||||
@@ -350,7 +350,7 @@ func ValidateURLs(urls []string, requireHTTPS bool, fldPath *field.Path) field.E
|
||||
// ValidateIPFromString validates ip address
|
||||
func ValidateIPFromString(ipaddr string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if net.ParseIP(ipaddr) == nil {
|
||||
if netutils.ParseIPSloppy(ipaddr) == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipaddr, "ip address is not valid"))
|
||||
}
|
||||
return allErrs
|
||||
@@ -377,7 +377,7 @@ func ValidateHostPort(endpoint string, fldPath *field.Path) field.ErrorList {
|
||||
// ValidateIPNetFromString validates network portion of ip address
|
||||
func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
subnets, err := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, err := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, "couldn't parse subnet"))
|
||||
return allErrs
|
||||
@@ -388,7 +388,7 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, "expected one (IPv4 or IPv6) CIDR or two CIDRs from each family for dual-stack networking"))
|
||||
// if DualStack and there are 2 CIDRs validate if there is at least one of each IP family
|
||||
case isDualStack && len(subnets) == 2:
|
||||
areDualStackCIDRs, err := utilnet.IsDualStackCIDRs(subnets)
|
||||
areDualStackCIDRs, err := netutils.IsDualStackCIDRs(subnets)
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, err.Error()))
|
||||
} else if !areDualStackCIDRs {
|
||||
@@ -400,13 +400,13 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
}
|
||||
// validate the subnet/s
|
||||
for _, s := range subnets {
|
||||
numAddresses := utilnet.RangeSize(s)
|
||||
numAddresses := netutils.RangeSize(s)
|
||||
if numAddresses < minAddrs {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, s.String(), fmt.Sprintf("subnet with %d address(es) is too small, the minimum is %d", numAddresses, minAddrs)))
|
||||
}
|
||||
|
||||
// Warn when the subnet is in site-local range - i.e. contains addresses that belong to fec0::/10
|
||||
_, siteLocalNet, _ := net.ParseCIDR("fec0::/10")
|
||||
_, siteLocalNet, _ := netutils.ParseCIDRSloppy("fec0::/10")
|
||||
if siteLocalNet.Contains(s.IP) || s.Contains(siteLocalNet.IP) {
|
||||
klog.Warningf("the subnet %v contains IPv6 site-local addresses that belong to fec0::/10 which has been deprecated by rfc3879", s)
|
||||
}
|
||||
@@ -422,7 +422,7 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
func ValidateServiceSubnetSize(subnetStr string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
// subnets were already validated
|
||||
subnets, _ := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, _ := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
for _, serviceSubnet := range subnets {
|
||||
ones, bits := serviceSubnet.Mask.Size()
|
||||
if bits-ones > constants.MaximumBitsForServiceSubnet {
|
||||
@@ -437,13 +437,13 @@ func ValidateServiceSubnetSize(subnetStr string, fldPath *field.Path) field.Erro
|
||||
func ValidatePodSubnetNodeMask(subnetStr string, c *kubeadm.ClusterConfiguration, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
// subnets were already validated
|
||||
subnets, _ := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, _ := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
for _, podSubnet := range subnets {
|
||||
// obtain podSubnet mask
|
||||
mask := podSubnet.Mask
|
||||
maskSize, _ := mask.Size()
|
||||
// obtain node-cidr-mask
|
||||
nodeMask, err := getClusterNodeMask(c, utilnet.IsIPv6(podSubnet.IP))
|
||||
nodeMask, err := getClusterNodeMask(c, netutils.IsIPv6(podSubnet.IP))
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, podSubnet.String(), err.Error()))
|
||||
continue
|
||||
|
||||
@@ -17,10 +17,9 @@ limitations under the License.
|
||||
package componentconfigs
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
kubeproxyconfig "k8s.io/kube-proxy/config/v1alpha1"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmapiv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
|
||||
@@ -76,7 +75,7 @@ func (kp *kubeProxyConfig) Unmarshal(docmap kubeadmapi.DocumentMap) error {
|
||||
}
|
||||
|
||||
func kubeProxyDefaultBindAddress(localAdvertiseAddress string) string {
|
||||
ip := net.ParseIP(localAdvertiseAddress)
|
||||
ip := netutils.ParseIPSloppy(localAdvertiseAddress)
|
||||
if ip.To4() != nil {
|
||||
return kubeadmapiv1.DefaultProxyBindAddressv4
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ import (
|
||||
apimachineryversion "k8s.io/apimachinery/pkg/version"
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
componentversion "k8s.io/component-base/version"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -635,7 +635,7 @@ func GetDNSIP(svcSubnetList string, isDualStack bool) (net.IP, error) {
|
||||
}
|
||||
|
||||
// Selects the 10th IP in service subnet CIDR range as dnsIP
|
||||
dnsIP, err := utilnet.GetIndexedIP(svcSubnetCIDR, 10)
|
||||
dnsIP, err := netutils.GetIndexedIP(svcSubnetCIDR, 10)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get internal Kubernetes Service IP from the given service CIDR")
|
||||
}
|
||||
@@ -649,7 +649,7 @@ func GetKubernetesServiceCIDR(svcSubnetList string, isDualStack bool) (*net.IPNe
|
||||
// The default service address family for the cluster is the address family of the first
|
||||
// service cluster IP range configured via the `--service-cluster-ip-range` flag
|
||||
// of the kube-controller-manager and kube-apiserver.
|
||||
svcSubnets, err := utilnet.ParseCIDRs(strings.Split(svcSubnetList, ","))
|
||||
svcSubnets, err := netutils.ParseCIDRs(strings.Split(svcSubnetList, ","))
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to parse ServiceSubnet %v", svcSubnetList)
|
||||
}
|
||||
@@ -659,7 +659,7 @@ func GetKubernetesServiceCIDR(svcSubnetList string, isDualStack bool) (*net.IPNe
|
||||
return svcSubnets[0], nil
|
||||
}
|
||||
// internal IP address for the API server
|
||||
_, svcSubnet, err := net.ParseCIDR(svcSubnetList)
|
||||
_, svcSubnet, err := netutils.ParseCIDRSloppy(svcSubnetList)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to parse ServiceSubnet %v", svcSubnetList)
|
||||
}
|
||||
@@ -672,7 +672,7 @@ func GetAPIServerVirtualIP(svcSubnetList string, isDualStack bool) (net.IP, erro
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get internal Kubernetes Service IP from the given service CIDR")
|
||||
}
|
||||
internalAPIServerVirtualIP, err := utilnet.GetIndexedIP(svcSubnet, 1)
|
||||
internalAPIServerVirtualIP, err := netutils.GetIndexedIP(svcSubnet, 1)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to get the first IP address from the given CIDR: %s", svcSubnet.String())
|
||||
}
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
"time"
|
||||
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
||||
@@ -46,7 +47,7 @@ var (
|
||||
CommonName: "test-common-name",
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
@@ -234,7 +235,7 @@ func TestCertToConfig(t *testing.T) {
|
||||
CommonName: "test-common-name",
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
@@ -247,7 +248,7 @@ func TestCertToConfig(t *testing.T) {
|
||||
},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
IPAddresses: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPAddresses: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
}
|
||||
|
||||
cfg := certToConfig(cert)
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
"k8s.io/client-go/util/keyutil"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
|
||||
@@ -161,7 +162,7 @@ func writeTestKubeconfig(t *testing.T, dir, name string, caCert *x509.Certificat
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -46,7 +46,7 @@ import (
|
||||
"k8s.io/klog/v2"
|
||||
system "k8s.io/system-validators/validators"
|
||||
utilsexec "k8s.io/utils/exec"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
@@ -432,7 +432,7 @@ func (hst HTTPProxyCheck) Name() string {
|
||||
func (hst HTTPProxyCheck) Check() (warnings, errorList []error) {
|
||||
klog.V(1).Infoln("validating if the connectivity type is via proxy or direct")
|
||||
u := &url.URL{Scheme: hst.Proto, Host: hst.Host}
|
||||
if utilsnet.IsIPv6String(hst.Host) {
|
||||
if netutils.IsIPv6String(hst.Host) {
|
||||
u.Host = net.JoinHostPort(hst.Host, "1234")
|
||||
}
|
||||
|
||||
@@ -474,12 +474,12 @@ func (subnet HTTPProxyCIDRCheck) Check() (warnings, errorList []error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
_, cidr, err := net.ParseCIDR(subnet.CIDR)
|
||||
_, cidr, err := netutils.ParseCIDRSloppy(subnet.CIDR)
|
||||
if err != nil {
|
||||
return nil, []error{errors.Wrapf(err, "error parsing CIDR %q", subnet.CIDR)}
|
||||
}
|
||||
|
||||
testIP, err := utilsnet.GetIndexedIP(cidr, 1)
|
||||
testIP, err := netutils.GetIndexedIP(cidr, 1)
|
||||
if err != nil {
|
||||
return nil, []error{errors.Wrapf(err, "unable to get first IP address from the given CIDR (%s)", cidr.String())}
|
||||
}
|
||||
@@ -941,8 +941,8 @@ func RunInitNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.InitConfigura
|
||||
checks = addCommonChecks(execer, cfg.KubernetesVersion, &cfg.NodeRegistration, checks)
|
||||
|
||||
// Check if Bridge-netfilter and IPv6 relevant flags are set
|
||||
if ip := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress); ip != nil {
|
||||
if utilsnet.IsIPv6(ip) {
|
||||
if ip := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress); ip != nil {
|
||||
if netutils.IsIPv6(ip) {
|
||||
checks = append(checks,
|
||||
FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
|
||||
FileContentCheck{Path: ipv6DefaultForwarding, Content: []byte{'1'}},
|
||||
@@ -1006,8 +1006,8 @@ func RunJoinNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.JoinConfigura
|
||||
checks = append(checks,
|
||||
HTTPProxyCheck{Proto: "https", Host: ipstr},
|
||||
)
|
||||
if ip := net.ParseIP(ipstr); ip != nil {
|
||||
if utilsnet.IsIPv6(ip) {
|
||||
if ip := netutils.ParseIPSloppy(ipstr); ip != nil {
|
||||
if netutils.IsIPv6(ip) {
|
||||
addIPv6Checks = true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,18 +17,17 @@ limitations under the License.
|
||||
package apiclient
|
||||
|
||||
import (
|
||||
"net"
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
core "k8s.io/client-go/testing"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
)
|
||||
@@ -88,12 +87,12 @@ func (idr *InitDryRunGetter) handleKubernetesService(action core.GetAction) (boo
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
_, svcSubnet, err := net.ParseCIDR(idr.serviceSubnet)
|
||||
_, svcSubnet, err := netutils.ParseCIDRSloppy(idr.serviceSubnet)
|
||||
if err != nil {
|
||||
return true, nil, errors.Wrapf(err, "error parsing CIDR %q", idr.serviceSubnet)
|
||||
}
|
||||
|
||||
internalAPIServerVirtualIP, err := utilnet.GetIndexedIP(svcSubnet, 1)
|
||||
internalAPIServerVirtualIP, err := netutils.GetIndexedIP(svcSubnet, 1)
|
||||
if err != nil {
|
||||
return true, nil, errors.Wrapf(err, "unable to get first IP address from the given CIDR (%s)", svcSubnet.String())
|
||||
}
|
||||
|
||||
@@ -31,6 +31,7 @@ import (
|
||||
apimachineryversion "k8s.io/apimachinery/pkg/version"
|
||||
componentversion "k8s.io/component-base/version"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
|
||||
@@ -139,7 +140,7 @@ func LowercaseSANs(sans []string) {
|
||||
// VerifyAPIServerBindAddress can be used to verify if a bind address for the API Server is 0.0.0.0,
|
||||
// in which case this address is not valid and should not be used.
|
||||
func VerifyAPIServerBindAddress(address string) error {
|
||||
ip := net.ParseIP(address)
|
||||
ip := netutils.ParseIPSloppy(address)
|
||||
if ip == nil {
|
||||
return errors.Errorf("cannot parse IP address: %s", address)
|
||||
}
|
||||
@@ -164,7 +165,7 @@ func ChooseAPIServerBindAddress(bindAddress net.IP) (net.IP, error) {
|
||||
if err != nil {
|
||||
if netutil.IsNoRoutesError(err) {
|
||||
klog.Warningf("WARNING: could not obtain a bind address for the API Server: %v; using: %s", err, constants.DefaultAPIServerBindAddress)
|
||||
defaultIP := net.ParseIP(constants.DefaultAPIServerBindAddress)
|
||||
defaultIP := netutils.ParseIPSloppy(constants.DefaultAPIServerBindAddress)
|
||||
if defaultIP == nil {
|
||||
return nil, errors.Errorf("cannot parse default IP address: %s", constants.DefaultAPIServerBindAddress)
|
||||
}
|
||||
|
||||
@@ -31,6 +31,7 @@ import (
|
||||
netutil "k8s.io/apimachinery/pkg/util/net"
|
||||
bootstraputil "k8s.io/cluster-bootstrap/token/util"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
bootstraptokenv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/bootstraptoken/v1"
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
@@ -122,7 +123,7 @@ func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions,
|
||||
// SetAPIEndpointDynamicDefaults checks and sets configuration values for the APIEndpoint object
|
||||
func SetAPIEndpointDynamicDefaults(cfg *kubeadmapi.APIEndpoint) error {
|
||||
// validate cfg.API.AdvertiseAddress.
|
||||
addressIP := net.ParseIP(cfg.AdvertiseAddress)
|
||||
addressIP := netutils.ParseIPSloppy(cfg.AdvertiseAddress)
|
||||
if addressIP == nil && cfg.AdvertiseAddress != "" {
|
||||
return errors.Errorf("couldn't use \"%s\" as \"apiserver-advertise-address\", must be ipv4 or ipv6 address", cfg.AdvertiseAddress)
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/validation"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
)
|
||||
@@ -100,7 +100,7 @@ func ParseHostPort(hostport string) (string, string, error) {
|
||||
}
|
||||
|
||||
// if host is a valid IP, returns it
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
return host, port, nil
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ func ParseHostPort(hostport string) (string, string, error) {
|
||||
// ParsePort parses a string representing a TCP port.
|
||||
// If the string is not a valid representation of a TCP port, ParsePort returns an error.
|
||||
func ParsePort(port string) (int, error) {
|
||||
portInt, err := utilsnet.ParsePort(port, true)
|
||||
portInt, err := netutils.ParsePort(port, true)
|
||||
if err == nil && (1 <= portInt && portInt <= 65535) {
|
||||
return portInt, nil
|
||||
}
|
||||
@@ -133,7 +133,7 @@ func parseAPIEndpoint(localEndpoint *kubeadmapi.APIEndpoint) (net.IP, string, er
|
||||
}
|
||||
|
||||
// parse the AdvertiseAddress
|
||||
var ip = net.ParseIP(localEndpoint.AdvertiseAddress)
|
||||
var ip = netutils.ParseIPSloppy(localEndpoint.AdvertiseAddress)
|
||||
if ip == nil {
|
||||
return nil, "", errors.Errorf("invalid value `%s` given for api.advertiseAddress", localEndpoint.AdvertiseAddress)
|
||||
}
|
||||
|
||||
@@ -41,6 +41,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/validation"
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
"k8s.io/client-go/util/keyutil"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
@@ -417,7 +418,7 @@ func pathForCSR(pkiPath, name string) string {
|
||||
// GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate
|
||||
func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error) {
|
||||
// advertise address
|
||||
advertiseAddress := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
advertiseAddress := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
if advertiseAddress == nil {
|
||||
return nil, errors.Errorf("error parsing LocalAPIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address",
|
||||
cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
@@ -446,7 +447,7 @@ func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames
|
||||
// add cluster controlPlaneEndpoint if present (dns or ip)
|
||||
if len(cfg.ControlPlaneEndpoint) > 0 {
|
||||
if host, _, err := kubeadmutil.ParseHostPort(cfg.ControlPlaneEndpoint); err == nil {
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
altNames.IPs = append(altNames.IPs, ip)
|
||||
} else {
|
||||
altNames.DNSNames = append(altNames.DNSNames, host)
|
||||
@@ -478,7 +479,7 @@ func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames,
|
||||
// getAltNames builds an AltNames object with the cfg and certName.
|
||||
func getAltNames(cfg *kubeadmapi.InitConfiguration, certName string) (*certutil.AltNames, error) {
|
||||
// advertise address
|
||||
advertiseAddress := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
advertiseAddress := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
if advertiseAddress == nil {
|
||||
return nil, errors.Errorf("error parsing LocalAPIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address",
|
||||
cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
@@ -508,7 +509,7 @@ func getAltNames(cfg *kubeadmapi.InitConfiguration, certName string) (*certutil.
|
||||
// certNames is used to print user facing warnings and should be the name of the cert the altNames will be used for
|
||||
func appendSANsToAltNames(altNames *certutil.AltNames, SANs []string, certName string) {
|
||||
for _, altname := range SANs {
|
||||
if ip := net.ParseIP(altname); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(altname); ip != nil {
|
||||
altNames.IPs = append(altNames.IPs, ip)
|
||||
} else if len(validation.IsDNS1123Subdomain(altname)) == 0 {
|
||||
altNames.DNSNames = append(altNames.DNSNames, altname)
|
||||
|
||||
@@ -30,6 +30,7 @@ import (
|
||||
"testing"
|
||||
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
)
|
||||
@@ -633,7 +634,7 @@ func TestGetAPIServerAltNames(t *testing.T) {
|
||||
for _, IPAddress := range rt.expectedIPAddresses {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
@@ -698,7 +699,7 @@ func TestGetEtcdAltNames(t *testing.T) {
|
||||
t.Run(IPAddress, func(t *testing.T) {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
@@ -757,7 +758,7 @@ func TestGetEtcdPeerAltNames(t *testing.T) {
|
||||
for _, IPAddress := range expectedIPAddresses {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
|
||||
@@ -103,7 +103,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/volume/util/hostutil"
|
||||
"k8s.io/kubernetes/pkg/volume/util/subpath"
|
||||
"k8s.io/utils/exec"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -1122,7 +1122,7 @@ func RunKubelet(kubeServer *options.KubeletServer, kubeDeps *kubelet.Dependencie
|
||||
var nodeIPs []net.IP
|
||||
if kubeServer.NodeIP != "" {
|
||||
for _, ip := range strings.Split(kubeServer.NodeIP, ",") {
|
||||
parsedNodeIP := net.ParseIP(strings.TrimSpace(ip))
|
||||
parsedNodeIP := netutils.ParseIPSloppy(strings.TrimSpace(ip))
|
||||
if parsedNodeIP == nil {
|
||||
klog.InfoS("Could not parse --node-ip ignoring", "IP", ip)
|
||||
} else {
|
||||
@@ -1132,7 +1132,7 @@ func RunKubelet(kubeServer *options.KubeletServer, kubeDeps *kubelet.Dependencie
|
||||
}
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) && len(nodeIPs) > 1 {
|
||||
return fmt.Errorf("dual-stack --node-ip %q not supported in a single-stack cluster", kubeServer.NodeIP)
|
||||
} else if len(nodeIPs) > 2 || (len(nodeIPs) == 2 && utilnet.IsIPv6(nodeIPs[0]) == utilnet.IsIPv6(nodeIPs[1])) {
|
||||
} else if len(nodeIPs) > 2 || (len(nodeIPs) == 2 && netutils.IsIPv6(nodeIPs[0]) == netutils.IsIPv6(nodeIPs[1])) {
|
||||
return fmt.Errorf("bad --node-ip %q; must contain either a single IP or a dual-stack pair of IPs", kubeServer.NodeIP)
|
||||
} else if len(nodeIPs) == 2 && kubeServer.CloudProvider != "" {
|
||||
return fmt.Errorf("dual-stack --node-ip %q not supported when using a cloud provider", kubeServer.NodeIP)
|
||||
@@ -1224,7 +1224,7 @@ func startKubelet(k kubelet.Bootstrap, podCfg *config.PodConfig, kubeCfg *kubele
|
||||
go k.ListenAndServe(kubeCfg, kubeDeps.TLSOptions, kubeDeps.Auth)
|
||||
}
|
||||
if kubeCfg.ReadOnlyPort > 0 {
|
||||
go k.ListenAndServeReadOnly(net.ParseIP(kubeCfg.Address), uint(kubeCfg.ReadOnlyPort))
|
||||
go k.ListenAndServeReadOnly(netutils.ParseIPSloppy(kubeCfg.Address), uint(kubeCfg.ReadOnlyPort))
|
||||
}
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.KubeletPodResources) {
|
||||
go k.ListenAndServePodResources()
|
||||
|
||||
Reference in New Issue
Block a user