From 09f3d1304ffb8d9c5362220bf4f18065abdd92b0 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 21 May 2025 14:07:45 +0200
Subject: [PATCH 1/5] chore!(stackable-webhook): Default listen address to bind to all interfaces
---
 crates/stackable-webhook/src/constants.rs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/crates/stackable-webhook/src/constants.rs b/crates/stackable-webhook/src/constants.rs
index 65f7c1ebb..cb46c8d02 100644
--- a/crates/stackable-webhook/src/constants.rs
+++ b/crates/stackable-webhook/src/constants.rs
@@ -5,8 +5,10 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 /// The default HTTPS port `8443`
 pub const DEFAULT_HTTPS_PORT: u16 = 8443;
-/// The default IP address `127.0.0.1` the webhook server binds to.
-pub const DEFAULT_IP_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1));
+/// The default IP address [`Ipv4Addr::UNSPECIFIED`] (`0.0.0.0`) the webhook server binds to,
+/// which represents binding on all network interfaces.
+pub const DEFAULT_LISTEN_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
-/// The default socket address `127.0.0.1:8443` the webhook server vinds to.
-pub const DEFAULT_SOCKET_ADDR: SocketAddr = SocketAddr::new(DEFAULT_IP_ADDRESS, DEFAULT_HTTPS_PORT);
+/// The default socket address `0.0.0.0:8443` the webhook server binds to.
+pub const DEFAULT_SOCKET_ADDR: SocketAddr =
+ SocketAddr::new(DEFAULT_LISTEN_ADDRESS, DEFAULT_HTTPS_PORT);
From 6af1dfd64d3f8c9f37ee143a5120ef8af52e22e3 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 21 May 2025 14:10:21 +0200
Subject: [PATCH 2/5] changelog
---
 crates/stackable-webhook/CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/crates/stackable-webhook/CHANGELOG.md b/crates/stackable-webhook/CHANGELOG.md
index 638391632..dafcf53ea 100644
--- a/crates/stackable-webhook/CHANGELOG.md
+++ b/crates/stackable-webhook/CHANGELOG.md
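Review bot: In patch 1/5, `crates/stackable-webhook/src/constants.rs`, the new default `Ipv4Addr::UNSPECIFIED` makes every caller that never calls `bind_ip` listen on all IPv4 addresses, and the doc comment on `DEFAULT_LISTEN_ADDRESS` does not say how to narrow that. The rename only surfaces the break to code that names the constant; code relying on the builder default moves from loopback to all addresses without a compile error, and so does a caller that only sets the port, because `OptionsBuilder::bind_port` and `build` fall back to this constant (visible in the options.rs hunks of patch 4/5). I would add a doc line such as `/// Exposes the listener on every local IPv4 address; use OptionsBuilder::bind_ip to restrict it.` so the exposure is stated where the default is defined. Whether the `Options` documentation elsewhere in options.rs still mentions `127.0.0.1` is not visible in this series and is worth checking.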
@@ -8,7 +8,15 @@ All notable changes to this project will be documented in this file.
 - Don't pull in the `aws-lc-rs` crate, as this currently fails to build in `make run-dev` ([#1043]).
+### Changed
+
+- BREAKING: The constant `DEFAULT_IP_ADDRESS` has been renamed to `DEFAULT_LISTEN_ADDRESS` and binds to all
+ interfaces (instead of only loopback) by default. This was changed because all the webhooks
+ deployed to Kubernetes (e.g. conversion or mutating - which this crate targets) need to be
+ accessible by it, which is not the case when only using loopback ([#1045]).
+
 [#1043]: https://github.com/stackabletech/operator-rs/pull/1043
+[#1045]: https://github.com/stackabletech/operator-rs/pull/1045
 ## [0.3.1] - 2024-07-10
From f0721bc6ed57ba0b00d2326c715bda04d0a88add Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 21 May 2025 15:08:55 +0200
Subject: [PATCH 3/5] interfaces -> addresses
---
 crates/stackable-webhook/CHANGELOG.md | 2 +-
 crates/stackable-webhook/src/constants.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/crates/stackable-webhook/CHANGELOG.md b/crates/stackable-webhook/CHANGELOG.md
index dafcf53ea..bcf5fd378 100644
--- a/crates/stackable-webhook/CHANGELOG.md
+++ b/crates/stackable-webhook/CHANGELOG.md
@@ -11,7 +11,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - BREAKING: The constant `DEFAULT_IP_ADDRESS` has been renamed to `DEFAULT_LISTEN_ADDRESS` and binds to all
- interfaces (instead of only loopback) by default. This was changed because all the webhooks
+ addresses (instead of only loopback) by default. This was changed because all the webhooks
 deployed to Kubernetes (e.g. conversion or mutating - which this crate targets) need to be
 accessible by it, which is not the case when only using loopback ([#1045]).
diff --git a/crates/stackable-webhook/src/constants.rs b/crates/stackable-webhook/src/constants.rs
index cb46c8d02..32bbf0f33 100644
--- a/crates/stackable-webhook/src/constants.rs
+++ b/crates/stackable-webhook/src/constants.rs
@@ -6,7 +6,7 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 pub const DEFAULT_HTTPS_PORT: u16 = 8443;
 /// The default IP address [`Ipv4Addr::UNSPECIFIED`] (`0.0.0.0`) the webhook server binds to,
-/// which represents binding on all network interfaces.
+/// which represents binding on all network addresses.
 pub const DEFAULT_LISTEN_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
 /// The default socket address `0.0.0.0:8443` the webhook server binds to.
From 0c72fe869100d8077bb2bc509810d93dd3d42acc Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 21 May 2025 15:10:55 +0200
Subject: [PATCH 4/5] DEFAULT_SOCKET_ADDR -> DEFAULT_SOCKET_ADDRESS
---
 crates/stackable-webhook/CHANGELOG.md | 3 ++-
 crates/stackable-webhook/src/constants.rs | 2 +-
 crates/stackable-webhook/src/options.rs | 8 ++++----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/crates/stackable-webhook/CHANGELOG.md b/crates/stackable-webhook/CHANGELOG.md
index bcf5fd378..a7354362f 100644
--- a/crates/stackable-webhook/CHANGELOG.md
+++ b/crates/stackable-webhook/CHANGELOG.md
@@ -13,7 +13,8 @@ All notable changes to this project will be documented in this file.
 - BREAKING: The constant `DEFAULT_IP_ADDRESS` has been renamed to `DEFAULT_LISTEN_ADDRESS` and binds to all
 addresses (instead of only loopback) by default. This was changed because all the webhooks
 deployed to Kubernetes (e.g. conversion or mutating - which this crate targets) need to be
- accessible by it, which is not the case when only using loopback ([#1045]).
+ accessible by it, which is not the case when only using loopback.
+ Also, the constant `DEFAULT_SOCKET_ADDR` has been renamed to `DEFAULT_SOCKET_ADDRESS` ([#1045]).
 [#1043]: https://github.com/stackabletech/operator-rs/pull/1043
 [#1045]: https://github.com/stackabletech/operator-rs/pull/1045
diff --git a/crates/stackable-webhook/src/constants.rs b/crates/stackable-webhook/src/constants.rs
index 32bbf0f33..6caf9112b 100644
--- a/crates/stackable-webhook/src/constants.rs
+++ b/crates/stackable-webhook/src/constants.rs
@@ -10,5 +10,5 @@ pub const DEFAULT_HTTPS_PORT: u16 = 8443;
 pub const DEFAULT_LISTEN_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
 /// The default socket address `0.0.0.0:8443` the webhook server binds to.
-pub const DEFAULT_SOCKET_ADDR: SocketAddr =
+pub const DEFAULT_SOCKET_ADDRESS: SocketAddr =
 SocketAddr::new(DEFAULT_LISTEN_ADDRESS, DEFAULT_HTTPS_PORT);
diff --git a/crates/stackable-webhook/src/options.rs b/crates/stackable-webhook/src/options.rs
index bf810ebd6..99a01133e 100644
--- a/crates/stackable-webhook/src/options.rs
+++ b/crates/stackable-webhook/src/options.rs
@@ -6,7 +6,7 @@ use std::{
 use stackable_certs::PrivateKeyType;
-use crate::constants::DEFAULT_SOCKET_ADDR;
+use crate::constants::DEFAULT_SOCKET_ADDRESS;
 /// Specifies available webhook server options.
 ///
@@ -78,7 +78,7 @@ impl OptionsBuilder {
 /// Sets the IP address of the socket address the webhook server uses to
 /// bind for HTTPS.
 pub fn bind_ip(mut self, bind_ip: impl Into) -> Self {
- let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDR);
+ let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDRESS);
 addr.set_ip(bind_ip.into());
 self
 }
@@ -86,7 +86,7 @@ impl OptionsBuilder {
 /// Sets the port of the socket address the webhook server uses to bind
 /// for HTTPS.
 pub fn bind_port(mut self, bind_port: u16) -> Self {
- let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDR);
+ let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDRESS);
 addr.set_port(bind_port);
 self
 }
@@ -95,7 +95,7 @@ impl OptionsBuilder {
 /// explicitly set option.
 pub fn build(self) -> Options {
 Options {
- socket_addr: self.socket_addr.unwrap_or(DEFAULT_SOCKET_ADDR),
+ socket_addr: self.socket_addr.unwrap_or(DEFAULT_SOCKET_ADDRESS),
 }
 }
 }
From b0684e634e4712038e2b34a3224d2177817c70a0 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 21 May 2025 15:30:19 +0200
Subject: [PATCH 5/5] hint on IPv6 usage
---
 crates/stackable-webhook/src/constants.rs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/crates/stackable-webhook/src/constants.rs b/crates/stackable-webhook/src/constants.rs
index 6caf9112b..b3553c4f0 100644
--- a/crates/stackable-webhook/src/constants.rs
+++ b/crates/stackable-webhook/src/constants.rs
@@ -7,6 +7,10 @@ pub const DEFAULT_HTTPS_PORT: u16 = 8443;
 /// The default IP address [`Ipv4Addr::UNSPECIFIED`] (`0.0.0.0`) the webhook server binds to,
 /// which represents binding on all network addresses.
+//
+// TODO: We might want to switch to `Ipv6Addr::UNSPECIFIED)` here, as this *normally* binds to IPv4
+// and IPv6. However, it's complicated and depends on the underlying system...
+// If we do so, we should set `set_only_v6(false)` on the socket to not rely on system defaults.
 pub const DEFAULT_LISTEN_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
 /// The default socket address `0.0.0.0:8443` the webhook server binds to.
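Review bot: The public doc comment on `DEFAULT_LISTEN_ADDRESS` still reads "binding on all network addresses", while the TODO added directly below it concedes that `0.0.0.0` does not cover IPv6. Because the TODO is a plain `//` comment it never reaches rustdoc, so a reader of the generated docs would assume the listener is reachable over IPv6 as well; I would narrow the doc line to `/// which represents binding on all IPv4 addresses.`. The TODO also carries a stray `)` inside the backticks around `Ipv6Addr::UNSPECIFIED`.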