Skip to content

fix: use address 0.0.0.0 in Kubernetes env (#579)#580

Merged
mcollina merged 2 commits intofastify:masterfrom
sinedied:fix-k8s-port
Jan 12, 2023
Merged

fix: use address 0.0.0.0 in Kubernetes env (#579)#580
mcollina merged 2 commits intofastify:masterfrom
sinedied:fix-k8s-port

Conversation

@sinedied
Copy link
Copy Markdown
Contributor

@sinedied sinedied commented Jan 12, 2023

Checklist

This PR adds a check so that it automatically use 0.0.0.0 when running inside a Kubernetes environment.

climba03003
climba03003 reviewed Jan 12, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@climba03003 climba03003 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still in favor of multiple methods for the detection.

For example, different cloud platform may result in derivation of behavior which means that this environment variables are not always set.
https://stackoverflow.com/questions/66470062/aks-not-creating-kubernetes-service-host-and-kubernetes-service-port-environment

@climba03003
Copy link
Copy Markdown
Member

climba03003 commented Jan 12, 2023

A proper implementation should be follow kubectl check.

By default kubectl will first determine if it is running within a pod, and thus in a cluster. It starts by checking for the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT environment variables and the existence of a service account token file at /var/run/secrets/kubernetes.io/serviceaccount/token. If all three are found in-cluster authentication is assumed.

To maintain backwards compatibility, if the POD_NAMESPACE environment variable is set during in-cluster authentication it will override the default namespace from the service account token. Any manifests or tools relying on namespace defaulting will be affected by this.

We are not authenticating for in-cluster but the method is good for environment detection.

mcollina
mcollina approved these changes Jan 12, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@sinedied
Copy link
Copy Markdown
Contributor Author

sinedied commented Jan 12, 2023
edited
Loading

A proper implementation should be follow kubectl check.

By default kubectl will first determine if it is running within a pod, and thus in a cluster. It starts by checking for the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT environment variables and the existence of a service account token file at /var/run/secrets/kubernetes.io/serviceaccount/token. If all three are found in-cluster authentication is assumed.

To maintain backwards compatibility, if the POD_NAMESPACE environment variable is set during in-cluster authentication it will override the default namespace from the service account token. Any manifests or tools relying on namespace defaulting will be affected by this.

We are not authenticating for in-cluster but the method is good for environment detection.

Good point, I'll update the PR with the additional check. I was looking for something similar in the docs, but couldn't find it 🙂

@mcollina mcollina merged commit 71e0a90 into fastify:master Jan 12, 2023
@Summonshr Summonshr mentioned this pull request Jun 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollina mcollina mcollina approved these changes

@climba03003 climba03003 climba03003 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sinedied @climba03003 @mcollina