portainer
Support listening on K2D_ADVERTISE_ADDR
According to a segment of code below https://github.com/portainer/k2d/blob/6b185b025f04d78ca8b874ee95d2cddb10b989d3/cmd/k2d.go#L189C1-L193C13
and this issue on go official https://github.com/golang/go/issues/5197
The k2d container always listen on [:::6443] and all interfaces will be listening when running on docker network=host mode.
I desire to use k2d on a LAN network for the educational purpose, so I need to public the k2d only on the LAN interface when using docker network=host mode. There is a work around available now by running on network=bridge mode and then publish the container port to the host network.
Yeah we have to clarify the docs I think. The host network is only required for k2d to automatically guess the IP of the host in case you are running on a host with a single network interface.
We might actually drop that dependency on the host network and make the K2D_ADVERTISE_ADDR a mandatory parameter. However, I would also like to find a smarter way to retrieve this.
Currently the K2D_ADVERTISE_ADDR is used to generate the TLS certificates associated with the API server.
If I understand correctly @barrydevp you would like to expose k2d over K2D_ADVERTISE_ADDR:PORT instead of :6443 ? Do you want to prevent access to k2d from other networks your machine is running into?
Yes, you are fully correct. In this case I only want k2d to publish on advertise_addr:6443 to prevent traffic from another interfaces without using firewall.
That sounds legit to me and tbf that should have been the original behavior - probably an oversight.
