feat: create certificates with all non-loopback addresses (#424)

Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
2019-02-25 23:02:56 -08:00 · 2019-02-25 23:02:56 -08:00 · dce3e2c672
commit dce3e2c672
parent c63ef4477b
3 changed files with 15 additions and 9 deletions
--- a/internal/app/proxyd/internal/frontend/frontend.go
+++ b/internal/app/proxyd/internal/frontend/frontend.go
@ -17,6 +17,7 @@ import (

 	"github.com/autonomy/talos/internal/app/proxyd/internal/backend"
 	pkgnet "github.com/autonomy/talos/internal/pkg/net"
+	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/client-go/kubernetes"
@ -132,10 +133,14 @@ func (r *ReverseProxy) Watch() (err error) {
 	if err != nil {
 		return
 	}
-	ip, err := pkgnet.IP()
+	ips, err := pkgnet.IPAddrs()
 	if err != nil {
 		return
 	}
+	if len(ips) == 0 {
+		return errors.New("no IP address found for bootstrap backend")
+	}
+	ip := ips[0]
 	// Update the host to the node's IP.
 	config.Host = ip.String() + ":6443"
 	// Add the node for the purposes of bootstrapping. If we don't do this, the
--- a/internal/pkg/net/net.go
+++ b/internal/pkg/net/net.go
@ -5,12 +5,14 @@
 package net

 import (
-	"fmt"
 	"net"
 )

-// IP finds and returns the first non-loopback interface of the current machine.
-func IP() (ip net.IP, err error) {
+// IPAddrs finds and returns a list of non-loopback IPv4 addresses of the
+// current machine.
+func IPAddrs() (ips []net.IP, err error) {
+	ips = []net.IP{}
+
 	addrs, err := net.InterfaceAddrs()
 	if err != nil {
 		return
@ -19,10 +21,11 @@ func IP() (ip net.IP, err error) {
 	for _, a := range addrs {
 		if ipnet, ok := a.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
 			if ipnet.IP.To4() != nil {
-				return ipnet.IP, nil
+				ips = append(ips, ipnet.IP)
+
 			}
 		}
 	}

-	return nil, fmt.Errorf("could not discover IP address")
+	return ips, nil
 }
--- a/internal/pkg/userdata/userdata.go
+++ b/internal/pkg/userdata/userdata.go
@ -12,7 +12,6 @@ import (
 	"io/ioutil"
 	"log"
 	"math"
-	stdlibnet "net"
 	"net/http"
 	"os"
 	"path"
@ -274,7 +273,7 @@ func (data *Security) NewIdentityCSR() (csr *x509.CertificateSigningRequest, err
 	if err != nil {
 		return nil, err
 	}
-	addr, err := net.IP()
+	ips, err := net.IPAddrs()
 	if err != nil {
 		return nil, err
 	}
@ -284,7 +283,6 @@ func (data *Security) NewIdentityCSR() (csr *x509.CertificateSigningRequest, err
 	}
 	opts := []x509.Option{}
 	names := []string{hostname}
-	ips := []stdlibnet.IP{addr}
 	opts = append(opts, x509.DNSNames(names))
 	opts = append(opts, x509.IPAddresses(ips))
 	opts = append(opts, x509.NotAfter(time.Now().Add(time.Duration(8760)*time.Hour)))