Merge pull request kubernetes-sigs#573 from BenTheElder/use-ip

use APIServerAddress in KUBECONFIG

pkg/cluster/internal/create/actions/config/config.go

@@ -78,6 +78,7 @@ func (a *Action) Execute(ctx *actions.ActionContext) error {
 			KubernetesVersion:    kubeVersion,
 			ControlPlaneEndpoint: controlPlaneEndpoint,
 			APIBindPort:          kubeadm.APIServerPort,
+			APIServerAddress:     ctx.Config.Networking.APIServerAddress,
 			Token:                kubeadm.Token,
 			PodSubnet:            ctx.Config.Networking.PodSubnet,
 		},

pkg/cluster/internal/create/actions/kubeadminit/init.go

@@ -21,6 +21,7 @@ import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -94,7 +95,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error {
 	}
 
 	kubeConfigPath := ctx.ClusterContext.KubeConfigPath()
-	if err := writeKubeConfig(node, kubeConfigPath, hostPort); err != nil {
+	if err := writeKubeConfig(node, kubeConfigPath, ctx.Config.Networking.APIServerAddress, hostPort); err != nil {
 		return errors.Wrap(err, "failed to get kubeconfig from node")
 	}
 
@@ -117,15 +118,15 @@ func (a *action) Execute(ctx *actions.ActionContext) error {
 // matches kubeconfig server entry like:
 //    server: https://172.17.0.2:6443
 // which we rewrite to:
-//    server: https://localhost:$PORT
+//    server: https://$ADDRESS:$PORT
 var serverAddressRE = regexp.MustCompile(`^(\s+server:) https://.*:\d+$`)
 
 // writeKubeConfig writes a fixed KUBECONFIG to dest
 // this should only be called on a control plane node
 // While copyng to the host machine the control plane address
 // is replaced with local host and the control plane port with
 // a randomly generated port reserved during node creation.
-func writeKubeConfig(n *nodes.Node, dest string, hostPort int32) error {
+func writeKubeConfig(n *nodes.Node, dest string, hostAddress string, hostPort int32) error {
 	cmd := n.Command("cat", "/etc/kubernetes/admin.conf")
 	lines, err := exec.CombinedOutputLines(cmd)
 	if err != nil {
@@ -137,7 +138,8 @@ func writeKubeConfig(n *nodes.Node, dest string, hostPort int32) error {
 	for _, line := range lines {
 		match := serverAddressRE.FindStringSubmatch(line)
 		if len(match) > 1 {
-			line = fmt.Sprintf("%s https://localhost:%d", match[1], hostPort)
+			addr := net.JoinHostPort(hostAddress, fmt.Sprintf("%d", hostPort))
+			line = fmt.Sprintf("%s https://%s", match[1], addr)
 		}
 		buff.WriteString(line)
 		buff.WriteString("\n")

pkg/cluster/internal/kubeadm/config.go

@@ -34,6 +34,8 @@ type ConfigData struct {
 	ControlPlaneEndpoint string
 	// The Local API Server port
 	APIBindPort int
+	// The API server external listen IP (which we will port forward)
+	APIServerAddress string
 	// The Token for TLS bootstrap
 	Token string
 	// The subnet used for pods
@@ -92,7 +94,7 @@ apiServerExtraVolumes:
 # on docker for mac we have to expose the api server via port forward,
 # so we need to ensure the cert is valid for localhost so we can talk
 # to the cluster after rewriting the kubeconfig to point to localhost
-apiServerCertSANs: [localhost]
+apiServerCertSANs: [localhost, {{.APIServerAddress}}]
 kubeletConfiguration:
   baseConfig:
     # disable disk resource management by default
@@ -141,7 +143,7 @@ apiServerExtraVolumes:
 # on docker for mac we have to expose the api server via port forward,
 # so we need to ensure the cert is valid for localhost so we can talk
 # to the cluster after rewriting the kubeconfig to point to localhost
-apiServerCertSANs: [localhost]
+apiServerCertSANs: [localhost, {{.APIServerAddress}}]
 controllerManagerExtraArgs:
   enable-hostpath-provisioner: "true"
 networking:
@@ -204,7 +206,7 @@ controlPlaneEndpoint: {{ .ControlPlaneEndpoint }}
 # so we need to ensure the cert is valid for localhost so we can talk
 # to the cluster after rewriting the kubeconfig to point to localhost
 apiServer:
-  certSANs: [localhost]
+  certSANs: [localhost, {{.APIServerAddress}}]
 controllerManager:
   extraArgs:
     enable-hostpath-provisioner: "true"