Minikube: Cannot change apiserver-ips after initial minikube start

Created on 1 Dec 2020  路  3Comments  路  Source: kubernetes/minikube

Steps to reproduce the issue:

  1. minikube start --vm-driver=none --apiserver-ips=1.1.1.1 ...
  2. minikube stop
  3. minikube start --vm-driver=none --apiserver-ips=2.2.2.2 ...

The apiserver certificate has still the initial address in its SAN:

openssl x509 -in /var/lib/minikube/apiserver.crt -text
....
        X509v3 extensions:
            ...
            X509v3 Subject Alternative Name: 
                ... IP Address:1.1.1.1, ....

It seems the behavior changed in v1.10 with https://github.com/kubernetes/minikube/commit/bee681559b#diff-0e864ab4025634664724909a47c34fbcae246ad52307eaaaa58153f0b256a8b4L345.

While it is possible to modify apiserver-names (that had also issues but fixed recently with https://github.com/kubernetes/minikube/pull/9385) I cannot change apiserver-ips.

What was the rationale behind this change? Is this by design? Is there any way to work around this regression?

Maybe related to https://github.com/kubernetes/minikube/issues/6024.

kinbug prioritimportant-longterm
Source
picture dimara
👍1

Most helpful comment

@medyagh I am currently testing a patch and will submit a PR ASAP. Regarding the real-world reasons for such a feature, we (Arrikto) already use it in MiniKF to access K8s remotely via its public IP over HTTPS. Since the IP is ephemeral and might change we need to be able to update the certs accordingly.

picture dimara on 2 Dec 2020
👍2

All 3 comments

@dimara thanks for creating this issue, that might be a bug that we missed in that PR ! I would accept a PR that fixes this.

btw I am curious, what are the real-world reasons that one would want to specify the api server's IPs ?

medyagh picture medyagh on 1 Dec 2020

@medyagh I am currently testing a patch and will submit a PR ASAP. Regarding the real-world reasons for such a feature, we (Arrikto) already use it in MiniKF to access K8s remotely via its public IP over HTTPS. Since the IP is ephemeral and might change we need to be able to update the certs accordingly.

dimara picture dimara on 2 Dec 2020
👍2

This work is in progress in #9876, thank you for working on this @dimara

priyawadhwa picture priyawadhwa on 9 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mrtkp9993 picture mrtkp9993  路  3Comments
hank-cp picture hank-cp  路  3Comments
vainikkaj picture vainikkaj  路  3Comments
xmnlab picture xmnlab  路  3Comments
djschny picture djschny  路  3Comments