run hack/update-netparse-cve.sh
This commit is contained in:
Antonio Ojea
@@ -20,6 +20,8 @@ import (
|
||||
"net"
|
||||
"strconv"
|
||||
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
@@ -29,7 +31,7 @@ func APIEndpointFromString(apiEndpoint string) (APIEndpoint, error) {
|
||||
if err != nil {
|
||||
return APIEndpoint{}, errors.Wrapf(err, "invalid advertise address endpoint: %s", apiEndpoint)
|
||||
}
|
||||
if net.ParseIP(apiEndpointHost) == nil {
|
||||
if netutils.ParseIPSloppy(apiEndpointHost) == nil {
|
||||
return APIEndpoint{}, errors.Errorf("invalid API endpoint IP: %s", apiEndpointHost)
|
||||
}
|
||||
apiEndpointPort, err := net.LookupPort("tcp", apiEndpointPortStr)
|
||||
|
||||
@@ -34,7 +34,7 @@ import (
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
bootstraputil "k8s.io/cluster-bootstrap/token/util"
|
||||
"k8s.io/klog/v2"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
bootstraptokenv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/bootstraptoken/v1"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
@@ -319,7 +319,7 @@ func ValidateCertSANs(altnames []string, fldPath *field.Path) field.ErrorList {
|
||||
for _, altname := range altnames {
|
||||
if errs := validation.IsDNS1123Subdomain(altname); len(errs) != 0 {
|
||||
if errs2 := validation.IsWildcardDNS1123Subdomain(altname); len(errs2) != 0 {
|
||||
if net.ParseIP(altname) == nil {
|
||||
if netutils.ParseIPSloppy(altname) == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, altname, fmt.Sprintf("altname is not a valid IP address, DNS label or a DNS label with subdomain wildcards: %s; %s", strings.Join(errs, "; "), strings.Join(errs2, "; "))))
|
||||
}
|
||||
}
|
||||
@@ -350,7 +350,7 @@ func ValidateURLs(urls []string, requireHTTPS bool, fldPath *field.Path) field.E
|
||||
// ValidateIPFromString validates ip address
|
||||
func ValidateIPFromString(ipaddr string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if net.ParseIP(ipaddr) == nil {
|
||||
if netutils.ParseIPSloppy(ipaddr) == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipaddr, "ip address is not valid"))
|
||||
}
|
||||
return allErrs
|
||||
@@ -377,7 +377,7 @@ func ValidateHostPort(endpoint string, fldPath *field.Path) field.ErrorList {
|
||||
// ValidateIPNetFromString validates network portion of ip address
|
||||
func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
subnets, err := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, err := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, "couldn't parse subnet"))
|
||||
return allErrs
|
||||
@@ -388,7 +388,7 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, "expected one (IPv4 or IPv6) CIDR or two CIDRs from each family for dual-stack networking"))
|
||||
// if DualStack and there are 2 CIDRs validate if there is at least one of each IP family
|
||||
case isDualStack && len(subnets) == 2:
|
||||
areDualStackCIDRs, err := utilnet.IsDualStackCIDRs(subnets)
|
||||
areDualStackCIDRs, err := netutils.IsDualStackCIDRs(subnets)
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, subnetStr, err.Error()))
|
||||
} else if !areDualStackCIDRs {
|
||||
@@ -400,13 +400,13 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
}
|
||||
// validate the subnet/s
|
||||
for _, s := range subnets {
|
||||
numAddresses := utilnet.RangeSize(s)
|
||||
numAddresses := netutils.RangeSize(s)
|
||||
if numAddresses < minAddrs {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, s.String(), fmt.Sprintf("subnet with %d address(es) is too small, the minimum is %d", numAddresses, minAddrs)))
|
||||
}
|
||||
|
||||
// Warn when the subnet is in site-local range - i.e. contains addresses that belong to fec0::/10
|
||||
_, siteLocalNet, _ := net.ParseCIDR("fec0::/10")
|
||||
_, siteLocalNet, _ := netutils.ParseCIDRSloppy("fec0::/10")
|
||||
if siteLocalNet.Contains(s.IP) || s.Contains(siteLocalNet.IP) {
|
||||
klog.Warningf("the subnet %v contains IPv6 site-local addresses that belong to fec0::/10 which has been deprecated by rfc3879", s)
|
||||
}
|
||||
@@ -422,7 +422,7 @@ func ValidateIPNetFromString(subnetStr string, minAddrs int64, isDualStack bool,
|
||||
func ValidateServiceSubnetSize(subnetStr string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
// subnets were already validated
|
||||
subnets, _ := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, _ := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
for _, serviceSubnet := range subnets {
|
||||
ones, bits := serviceSubnet.Mask.Size()
|
||||
if bits-ones > constants.MaximumBitsForServiceSubnet {
|
||||
@@ -437,13 +437,13 @@ func ValidateServiceSubnetSize(subnetStr string, fldPath *field.Path) field.Erro
|
||||
func ValidatePodSubnetNodeMask(subnetStr string, c *kubeadm.ClusterConfiguration, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
// subnets were already validated
|
||||
subnets, _ := utilnet.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
subnets, _ := netutils.ParseCIDRs(strings.Split(subnetStr, ","))
|
||||
for _, podSubnet := range subnets {
|
||||
// obtain podSubnet mask
|
||||
mask := podSubnet.Mask
|
||||
maskSize, _ := mask.Size()
|
||||
// obtain node-cidr-mask
|
||||
nodeMask, err := getClusterNodeMask(c, utilnet.IsIPv6(podSubnet.IP))
|
||||
nodeMask, err := getClusterNodeMask(c, netutils.IsIPv6(podSubnet.IP))
|
||||
if err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, podSubnet.String(), err.Error()))
|
||||
continue
|
||||
|
||||
@@ -17,10 +17,9 @@ limitations under the License.
|
||||
package componentconfigs
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
kubeproxyconfig "k8s.io/kube-proxy/config/v1alpha1"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmapiv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
|
||||
@@ -76,7 +75,7 @@ func (kp *kubeProxyConfig) Unmarshal(docmap kubeadmapi.DocumentMap) error {
|
||||
}
|
||||
|
||||
func kubeProxyDefaultBindAddress(localAdvertiseAddress string) string {
|
||||
ip := net.ParseIP(localAdvertiseAddress)
|
||||
ip := netutils.ParseIPSloppy(localAdvertiseAddress)
|
||||
if ip.To4() != nil {
|
||||
return kubeadmapiv1.DefaultProxyBindAddressv4
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ import (
|
||||
apimachineryversion "k8s.io/apimachinery/pkg/version"
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
componentversion "k8s.io/component-base/version"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -635,7 +635,7 @@ func GetDNSIP(svcSubnetList string, isDualStack bool) (net.IP, error) {
|
||||
}
|
||||
|
||||
// Selects the 10th IP in service subnet CIDR range as dnsIP
|
||||
dnsIP, err := utilnet.GetIndexedIP(svcSubnetCIDR, 10)
|
||||
dnsIP, err := netutils.GetIndexedIP(svcSubnetCIDR, 10)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get internal Kubernetes Service IP from the given service CIDR")
|
||||
}
|
||||
@@ -649,7 +649,7 @@ func GetKubernetesServiceCIDR(svcSubnetList string, isDualStack bool) (*net.IPNe
|
||||
// The default service address family for the cluster is the address family of the first
|
||||
// service cluster IP range configured via the `--service-cluster-ip-range` flag
|
||||
// of the kube-controller-manager and kube-apiserver.
|
||||
svcSubnets, err := utilnet.ParseCIDRs(strings.Split(svcSubnetList, ","))
|
||||
svcSubnets, err := netutils.ParseCIDRs(strings.Split(svcSubnetList, ","))
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to parse ServiceSubnet %v", svcSubnetList)
|
||||
}
|
||||
@@ -659,7 +659,7 @@ func GetKubernetesServiceCIDR(svcSubnetList string, isDualStack bool) (*net.IPNe
|
||||
return svcSubnets[0], nil
|
||||
}
|
||||
// internal IP address for the API server
|
||||
_, svcSubnet, err := net.ParseCIDR(svcSubnetList)
|
||||
_, svcSubnet, err := netutils.ParseCIDRSloppy(svcSubnetList)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to parse ServiceSubnet %v", svcSubnetList)
|
||||
}
|
||||
@@ -672,7 +672,7 @@ func GetAPIServerVirtualIP(svcSubnetList string, isDualStack bool) (net.IP, erro
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get internal Kubernetes Service IP from the given service CIDR")
|
||||
}
|
||||
internalAPIServerVirtualIP, err := utilnet.GetIndexedIP(svcSubnet, 1)
|
||||
internalAPIServerVirtualIP, err := netutils.GetIndexedIP(svcSubnet, 1)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "unable to get the first IP address from the given CIDR: %s", svcSubnet.String())
|
||||
}
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
"time"
|
||||
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
||||
@@ -46,7 +47,7 @@ var (
|
||||
CommonName: "test-common-name",
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
@@ -234,7 +235,7 @@ func TestCertToConfig(t *testing.T) {
|
||||
CommonName: "test-common-name",
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
@@ -247,7 +248,7 @@ func TestCertToConfig(t *testing.T) {
|
||||
},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
IPAddresses: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPAddresses: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
}
|
||||
|
||||
cfg := certToConfig(cert)
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
"k8s.io/client-go/util/keyutil"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
|
||||
@@ -161,7 +162,7 @@ func writeTestKubeconfig(t *testing.T, dir, name string, caCert *x509.Certificat
|
||||
Organization: []string{"sig-cluster-lifecycle"},
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
AltNames: certutil.AltNames{
|
||||
IPs: []net.IP{net.ParseIP("10.100.0.1")},
|
||||
IPs: []net.IP{netutils.ParseIPSloppy("10.100.0.1")},
|
||||
DNSNames: []string{"test-domain.space"},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -46,7 +46,7 @@ import (
|
||||
"k8s.io/klog/v2"
|
||||
system "k8s.io/system-validators/validators"
|
||||
utilsexec "k8s.io/utils/exec"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
@@ -432,7 +432,7 @@ func (hst HTTPProxyCheck) Name() string {
|
||||
func (hst HTTPProxyCheck) Check() (warnings, errorList []error) {
|
||||
klog.V(1).Infoln("validating if the connectivity type is via proxy or direct")
|
||||
u := &url.URL{Scheme: hst.Proto, Host: hst.Host}
|
||||
if utilsnet.IsIPv6String(hst.Host) {
|
||||
if netutils.IsIPv6String(hst.Host) {
|
||||
u.Host = net.JoinHostPort(hst.Host, "1234")
|
||||
}
|
||||
|
||||
@@ -474,12 +474,12 @@ func (subnet HTTPProxyCIDRCheck) Check() (warnings, errorList []error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
_, cidr, err := net.ParseCIDR(subnet.CIDR)
|
||||
_, cidr, err := netutils.ParseCIDRSloppy(subnet.CIDR)
|
||||
if err != nil {
|
||||
return nil, []error{errors.Wrapf(err, "error parsing CIDR %q", subnet.CIDR)}
|
||||
}
|
||||
|
||||
testIP, err := utilsnet.GetIndexedIP(cidr, 1)
|
||||
testIP, err := netutils.GetIndexedIP(cidr, 1)
|
||||
if err != nil {
|
||||
return nil, []error{errors.Wrapf(err, "unable to get first IP address from the given CIDR (%s)", cidr.String())}
|
||||
}
|
||||
@@ -941,8 +941,8 @@ func RunInitNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.InitConfigura
|
||||
checks = addCommonChecks(execer, cfg.KubernetesVersion, &cfg.NodeRegistration, checks)
|
||||
|
||||
// Check if Bridge-netfilter and IPv6 relevant flags are set
|
||||
if ip := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress); ip != nil {
|
||||
if utilsnet.IsIPv6(ip) {
|
||||
if ip := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress); ip != nil {
|
||||
if netutils.IsIPv6(ip) {
|
||||
checks = append(checks,
|
||||
FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
|
||||
FileContentCheck{Path: ipv6DefaultForwarding, Content: []byte{'1'}},
|
||||
@@ -1006,8 +1006,8 @@ func RunJoinNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.JoinConfigura
|
||||
checks = append(checks,
|
||||
HTTPProxyCheck{Proto: "https", Host: ipstr},
|
||||
)
|
||||
if ip := net.ParseIP(ipstr); ip != nil {
|
||||
if utilsnet.IsIPv6(ip) {
|
||||
if ip := netutils.ParseIPSloppy(ipstr); ip != nil {
|
||||
if netutils.IsIPv6(ip) {
|
||||
addIPv6Checks = true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,18 +17,17 @@ limitations under the License.
|
||||
package apiclient
|
||||
|
||||
import (
|
||||
"net"
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
core "k8s.io/client-go/testing"
|
||||
utilnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
)
|
||||
@@ -88,12 +87,12 @@ func (idr *InitDryRunGetter) handleKubernetesService(action core.GetAction) (boo
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
_, svcSubnet, err := net.ParseCIDR(idr.serviceSubnet)
|
||||
_, svcSubnet, err := netutils.ParseCIDRSloppy(idr.serviceSubnet)
|
||||
if err != nil {
|
||||
return true, nil, errors.Wrapf(err, "error parsing CIDR %q", idr.serviceSubnet)
|
||||
}
|
||||
|
||||
internalAPIServerVirtualIP, err := utilnet.GetIndexedIP(svcSubnet, 1)
|
||||
internalAPIServerVirtualIP, err := netutils.GetIndexedIP(svcSubnet, 1)
|
||||
if err != nil {
|
||||
return true, nil, errors.Wrapf(err, "unable to get first IP address from the given CIDR (%s)", svcSubnet.String())
|
||||
}
|
||||
|
||||
@@ -31,6 +31,7 @@ import (
|
||||
apimachineryversion "k8s.io/apimachinery/pkg/version"
|
||||
componentversion "k8s.io/component-base/version"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
|
||||
@@ -139,7 +140,7 @@ func LowercaseSANs(sans []string) {
|
||||
// VerifyAPIServerBindAddress can be used to verify if a bind address for the API Server is 0.0.0.0,
|
||||
// in which case this address is not valid and should not be used.
|
||||
func VerifyAPIServerBindAddress(address string) error {
|
||||
ip := net.ParseIP(address)
|
||||
ip := netutils.ParseIPSloppy(address)
|
||||
if ip == nil {
|
||||
return errors.Errorf("cannot parse IP address: %s", address)
|
||||
}
|
||||
@@ -164,7 +165,7 @@ func ChooseAPIServerBindAddress(bindAddress net.IP) (net.IP, error) {
|
||||
if err != nil {
|
||||
if netutil.IsNoRoutesError(err) {
|
||||
klog.Warningf("WARNING: could not obtain a bind address for the API Server: %v; using: %s", err, constants.DefaultAPIServerBindAddress)
|
||||
defaultIP := net.ParseIP(constants.DefaultAPIServerBindAddress)
|
||||
defaultIP := netutils.ParseIPSloppy(constants.DefaultAPIServerBindAddress)
|
||||
if defaultIP == nil {
|
||||
return nil, errors.Errorf("cannot parse default IP address: %s", constants.DefaultAPIServerBindAddress)
|
||||
}
|
||||
|
||||
@@ -31,6 +31,7 @@ import (
|
||||
netutil "k8s.io/apimachinery/pkg/util/net"
|
||||
bootstraputil "k8s.io/cluster-bootstrap/token/util"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
bootstraptokenv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/bootstraptoken/v1"
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
@@ -122,7 +123,7 @@ func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions,
|
||||
// SetAPIEndpointDynamicDefaults checks and sets configuration values for the APIEndpoint object
|
||||
func SetAPIEndpointDynamicDefaults(cfg *kubeadmapi.APIEndpoint) error {
|
||||
// validate cfg.API.AdvertiseAddress.
|
||||
addressIP := net.ParseIP(cfg.AdvertiseAddress)
|
||||
addressIP := netutils.ParseIPSloppy(cfg.AdvertiseAddress)
|
||||
if addressIP == nil && cfg.AdvertiseAddress != "" {
|
||||
return errors.Errorf("couldn't use \"%s\" as \"apiserver-advertise-address\", must be ipv4 or ipv6 address", cfg.AdvertiseAddress)
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/validation"
|
||||
utilsnet "k8s.io/utils/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
)
|
||||
@@ -100,7 +100,7 @@ func ParseHostPort(hostport string) (string, string, error) {
|
||||
}
|
||||
|
||||
// if host is a valid IP, returns it
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
return host, port, nil
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ func ParseHostPort(hostport string) (string, string, error) {
|
||||
// ParsePort parses a string representing a TCP port.
|
||||
// If the string is not a valid representation of a TCP port, ParsePort returns an error.
|
||||
func ParsePort(port string) (int, error) {
|
||||
portInt, err := utilsnet.ParsePort(port, true)
|
||||
portInt, err := netutils.ParsePort(port, true)
|
||||
if err == nil && (1 <= portInt && portInt <= 65535) {
|
||||
return portInt, nil
|
||||
}
|
||||
@@ -133,7 +133,7 @@ func parseAPIEndpoint(localEndpoint *kubeadmapi.APIEndpoint) (net.IP, string, er
|
||||
}
|
||||
|
||||
// parse the AdvertiseAddress
|
||||
var ip = net.ParseIP(localEndpoint.AdvertiseAddress)
|
||||
var ip = netutils.ParseIPSloppy(localEndpoint.AdvertiseAddress)
|
||||
if ip == nil {
|
||||
return nil, "", errors.Errorf("invalid value `%s` given for api.advertiseAddress", localEndpoint.AdvertiseAddress)
|
||||
}
|
||||
|
||||
@@ -41,6 +41,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/validation"
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
"k8s.io/client-go/util/keyutil"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
@@ -417,7 +418,7 @@ func pathForCSR(pkiPath, name string) string {
|
||||
// GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate
|
||||
func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error) {
|
||||
// advertise address
|
||||
advertiseAddress := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
advertiseAddress := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
if advertiseAddress == nil {
|
||||
return nil, errors.Errorf("error parsing LocalAPIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address",
|
||||
cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
@@ -446,7 +447,7 @@ func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames
|
||||
// add cluster controlPlaneEndpoint if present (dns or ip)
|
||||
if len(cfg.ControlPlaneEndpoint) > 0 {
|
||||
if host, _, err := kubeadmutil.ParseHostPort(cfg.ControlPlaneEndpoint); err == nil {
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
altNames.IPs = append(altNames.IPs, ip)
|
||||
} else {
|
||||
altNames.DNSNames = append(altNames.DNSNames, host)
|
||||
@@ -478,7 +479,7 @@ func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames,
|
||||
// getAltNames builds an AltNames object with the cfg and certName.
|
||||
func getAltNames(cfg *kubeadmapi.InitConfiguration, certName string) (*certutil.AltNames, error) {
|
||||
// advertise address
|
||||
advertiseAddress := net.ParseIP(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
advertiseAddress := netutils.ParseIPSloppy(cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
if advertiseAddress == nil {
|
||||
return nil, errors.Errorf("error parsing LocalAPIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address",
|
||||
cfg.LocalAPIEndpoint.AdvertiseAddress)
|
||||
@@ -508,7 +509,7 @@ func getAltNames(cfg *kubeadmapi.InitConfiguration, certName string) (*certutil.
|
||||
// certNames is used to print user facing warnings and should be the name of the cert the altNames will be used for
|
||||
func appendSANsToAltNames(altNames *certutil.AltNames, SANs []string, certName string) {
|
||||
for _, altname := range SANs {
|
||||
if ip := net.ParseIP(altname); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(altname); ip != nil {
|
||||
altNames.IPs = append(altNames.IPs, ip)
|
||||
} else if len(validation.IsDNS1123Subdomain(altname)) == 0 {
|
||||
altNames.DNSNames = append(altNames.DNSNames, altname)
|
||||
|
||||
@@ -30,6 +30,7 @@ import (
|
||||
"testing"
|
||||
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
)
|
||||
@@ -633,7 +634,7 @@ func TestGetAPIServerAltNames(t *testing.T) {
|
||||
for _, IPAddress := range rt.expectedIPAddresses {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
@@ -698,7 +699,7 @@ func TestGetEtcdAltNames(t *testing.T) {
|
||||
t.Run(IPAddress, func(t *testing.T) {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
@@ -757,7 +758,7 @@ func TestGetEtcdPeerAltNames(t *testing.T) {
|
||||
for _, IPAddress := range expectedIPAddresses {
|
||||
found := false
|
||||
for _, val := range altNames.IPs {
|
||||
if val.Equal(net.ParseIP(IPAddress)) {
|
||||
if val.Equal(netutils.ParseIPSloppy(IPAddress)) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user