Adds listen-address CLI flags for all services servers.

cmd/daprd/app/app.go

@@ -136,44 +136,46 @@ func Run() {
  }
 
  rt, rerr := runtime.FromConfig(ctx, &runtime.Config{
- AppID: opts.AppID,
- ActorsService: opts.ActorsService,
- RemindersService: opts.RemindersService,
- AllowedOrigins: opts.AllowedOrigins,
- ResourcesPath: opts.ResourcesPath,
- ControlPlaneAddress: opts.ControlPlaneAddress,
- AppProtocol: opts.AppProtocol,
- Mode: opts.Mode,
- DaprHTTPPort: opts.DaprHTTPPort,
- DaprInternalGRPCPort: opts.DaprInternalGRPCPort,
- DaprAPIGRPCPort: opts.DaprAPIGRPCPort,
- DaprAPIListenAddresses: opts.DaprAPIListenAddresses,
- DaprPublicPort: opts.DaprPublicPort,
- ApplicationPort: opts.AppPort,
- ProfilePort: opts.ProfilePort,
- EnableProfiling: opts.EnableProfiling,
- AppMaxConcurrency: opts.AppMaxConcurrency,
- EnableMTLS: opts.EnableMTLS,
- SentryAddress: opts.SentryAddress,
- MaxRequestSize: opts.MaxRequestSize,
- ReadBufferSize: opts.ReadBufferSize,
- UnixDomainSocket: opts.UnixDomainSocket,
- DaprGracefulShutdownSeconds: opts.DaprGracefulShutdownSeconds,
- DaprBlockShutdownDuration: opts.DaprBlockShutdownDuration,
- DisableBuiltinK8sSecretStore: opts.DisableBuiltinK8sSecretStore,
- EnableAppHealthCheck: opts.EnableAppHealthCheck,
- AppHealthCheckPath: opts.AppHealthCheckPath,
- AppHealthProbeInterval: opts.AppHealthProbeInterval,
- AppHealthProbeTimeout: opts.AppHealthProbeTimeout,
- AppHealthThreshold: opts.AppHealthThreshold,
- AppChannelAddress: opts.AppChannelAddress,
- EnableAPILogging: opts.EnableAPILogging,
- Config: opts.Config,
- Metrics: opts.Metrics,
- AppSSL: opts.AppSSL,
- ComponentsPath: opts.ComponentsPath,
- Registry: reg,
- Security: sec,
+ AppID: opts.AppID,
+ ActorsService: opts.ActorsService,
+ RemindersService: opts.RemindersService,
+ AllowedOrigins: opts.AllowedOrigins,
+ ResourcesPath: opts.ResourcesPath,
+ ControlPlaneAddress: opts.ControlPlaneAddress,
+ AppProtocol: opts.AppProtocol,
+ Mode: opts.Mode,
+ DaprHTTPPort: opts.DaprHTTPPort,
+ DaprInternalGRPCPort: opts.DaprInternalGRPCPort,
+ DaprInternalGRPCListenAddress: opts.DaprInternalGRPCListenAddress,
+ DaprAPIGRPCPort: opts.DaprAPIGRPCPort,
+ DaprAPIListenAddresses: opts.DaprAPIListenAddresses,
+ DaprPublicPort: opts.DaprPublicPort,
+ DaprPublicListenAddress: opts.DaprPublicListenAddress,
+ ApplicationPort: opts.AppPort,
+ ProfilePort: opts.ProfilePort,
+ EnableProfiling: opts.EnableProfiling,
+ AppMaxConcurrency: opts.AppMaxConcurrency,
+ EnableMTLS: opts.EnableMTLS,
+ SentryAddress: opts.SentryAddress,
+ MaxRequestSize: opts.MaxRequestSize,
+ ReadBufferSize: opts.ReadBufferSize,
+ UnixDomainSocket: opts.UnixDomainSocket,
+ DaprGracefulShutdownSeconds: opts.DaprGracefulShutdownSeconds,
+ DaprBlockShutdownDuration: opts.DaprBlockShutdownDuration,
+ DisableBuiltinK8sSecretStore: opts.DisableBuiltinK8sSecretStore,
+ EnableAppHealthCheck: opts.EnableAppHealthCheck,
+ AppHealthCheckPath: opts.AppHealthCheckPath,
+ AppHealthProbeInterval: opts.AppHealthProbeInterval,
+ AppHealthProbeTimeout: opts.AppHealthProbeTimeout,
+ AppHealthThreshold: opts.AppHealthThreshold,
+ AppChannelAddress: opts.AppChannelAddress,
+ EnableAPILogging: opts.EnableAPILogging,
+ Config: opts.Config,
+ Metrics: opts.Metrics,
+ AppSSL: opts.AppSSL,
+ ComponentsPath: opts.ComponentsPath,
+ Registry: reg,
+ Security: sec,
  })
  if rerr != nil {
  return rerr

cmd/daprd/options/options.go

@@ -35,49 +35,51 @@ import (
 )
 
 type Options struct {
- AppID string
- ComponentsPath string
- ControlPlaneAddress string
- ControlPlaneTrustDomain string
- ControlPlaneNamespace string
- SentryAddress string
- TrustAnchors []byte
- AllowedOrigins string
- EnableProfiling bool
- AppMaxConcurrency int
- EnableMTLS bool
- AppSSL bool
- MaxRequestSize int // In bytes
- ResourcesPath []string
- AppProtocol string
- EnableAPILogging *bool
- RuntimeVersion bool
- BuildInfo bool
- WaitCommand bool
- DaprHTTPPort string
- DaprAPIGRPCPort string
- ProfilePort string
- DaprInternalGRPCPort string
- DaprPublicPort string
- AppPort string
- DaprGracefulShutdownSeconds int
- DaprBlockShutdownDuration *time.Duration
- ActorsService string
- RemindersService string
- DaprAPIListenAddresses string
- AppHealthProbeInterval int
- AppHealthProbeTimeout int
- AppHealthThreshold int
- EnableAppHealthCheck bool
- Mode string
- Config []string
- UnixDomainSocket string
- ReadBufferSize int // In bytes
- DisableBuiltinK8sSecretStore bool
- AppHealthCheckPath string
- AppChannelAddress string
- Logger logger.Options
- Metrics *metrics.Options
+ AppID string
+ ComponentsPath string
+ ControlPlaneAddress string
+ ControlPlaneTrustDomain string
+ ControlPlaneNamespace string
+ SentryAddress string
+ TrustAnchors []byte
+ AllowedOrigins string
+ EnableProfiling bool
+ AppMaxConcurrency int
+ EnableMTLS bool
+ AppSSL bool
+ MaxRequestSize int // In bytes
+ ResourcesPath []string
+ AppProtocol string
+ EnableAPILogging *bool
+ RuntimeVersion bool
+ BuildInfo bool
+ WaitCommand bool
+ DaprHTTPPort string
+ DaprAPIGRPCPort string
+ ProfilePort string
+ DaprInternalGRPCPort string
+ DaprInternalGRPCListenAddress string
+ DaprPublicPort string
+ DaprPublicListenAddress string
+ AppPort string
+ DaprGracefulShutdownSeconds int
+ DaprBlockShutdownDuration *time.Duration
+ ActorsService string
+ RemindersService string
+ DaprAPIListenAddresses string
+ AppHealthProbeInterval int
+ AppHealthProbeTimeout int
+ AppHealthThreshold int
+ EnableAppHealthCheck bool
+ Mode string
+ Config []string
+ UnixDomainSocket string
+ ReadBufferSize int // In bytes
+ DisableBuiltinK8sSecretStore bool
+ AppHealthCheckPath string
+ AppChannelAddress string
+ Logger logger.Options
+ Metrics *metrics.Options
 }
 
 func New(origArgs []string) (*Options, error) {
@@ -117,8 +119,10 @@ func New(origArgs []string) (*Options, error) {
  fs.StringVar(&opts.DaprHTTPPort, "dapr-http-port", strconv.Itoa(runtime.DefaultDaprHTTPPort), "HTTP port for Dapr API to listen on")
  fs.StringVar(&opts.DaprAPIListenAddresses, "dapr-listen-addresses", runtime.DefaultAPIListenAddress, "One or more addresses for the Dapr API to listen on, CSV limited")
  fs.StringVar(&opts.DaprPublicPort, "dapr-public-port", "", "Public port for Dapr Health and Metadata to listen on")
+ fs.StringVar(&opts.DaprPublicListenAddress, "dapr-public-listen-address", "", "Public listen address for Dapr Health and Metadata")
  fs.StringVar(&opts.DaprAPIGRPCPort, "dapr-grpc-port", strconv.Itoa(runtime.DefaultDaprAPIGRPCPort), "gRPC port for the Dapr API to listen on")
  fs.StringVar(&opts.DaprInternalGRPCPort, "dapr-internal-grpc-port", "", "gRPC port for the Dapr Internal API to listen on")
+ fs.StringVar(&opts.DaprInternalGRPCListenAddress, "dapr-internal-grpc-listen-address", "", "gRPC listen address for the Dapr Internal API")
  fs.StringVar(&opts.AppPort, "app-port", "", "The port the application is listening on")
  fs.StringVar(&opts.ProfilePort, "profile-port", strconv.Itoa(runtime.DefaultProfilePort), "The port for the profile server")
  fs.StringVar(&opts.AppProtocol, "app-protocol", string(protocol.HTTPProtocol), "Protocol for the application: grpc, grpcs, http, https, h2c")

cmd/injector/app/app.go

@@ -102,6 +102,7 @@ func Run() {
 
  inj, err := service.NewInjector(service.Options{
  Port: opts.Port,
+ ListenAddress: opts.ListenAddress,
  AuthUIDs: uids,
  Config: cfg,
  DaprClient: daprClient,
@@ -143,7 +144,7 @@ func Run() {
  return nil
  },
  func(ctx context.Context) error {
- healhtzErr := healthzServer.Run(ctx, opts.HealthzPort)
+ healhtzErr := healthzServer.Run(ctx, opts.HealthzListenAddress, opts.HealthzPort)
  if healhtzErr != nil {
  return fmt.Errorf("failed to start healthz server: %w", healhtzErr)
  }

cmd/injector/options/options.go

@@ -24,11 +24,13 @@ import (
 )
 
 type Options struct {
- HealthzPort int
- Kubeconfig string
- Port int
- Logger logger.Options
- Metrics *metrics.Options
+ HealthzPort int
+ HealthzListenAddress string
+ Kubeconfig string
+ Port int
+ ListenAddress string
+ Logger logger.Options
+ Metrics *metrics.Options
 }
 
 func New(origArgs []string) *Options {
@@ -54,7 +56,9 @@ func New(origArgs []string) *Options {
  fs.SortFlags = true
 
  fs.IntVar(&opts.HealthzPort, "healthz-port", 8080, "The port used for health checks")
+ fs.StringVar(&opts.HealthzListenAddress, "healthz-listen-address", "", "The listening address for the healthz server")
  fs.IntVar(&opts.Port, "port", 4000, "The port used for the injector service")
+ fs.StringVar(&opts.ListenAddress, "listen-address", "", "The listen address for the injector service")
 
  if home := homedir.HomeDir(); home != "" {
  fs.StringVar(&opts.Kubeconfig, "kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")

cmd/operator/app/app.go

@@ -56,8 +56,11 @@ func Run() {
  WatchdogInterval: opts.WatchdogInterval,
  WatchdogCanPatchPodLabels: opts.WatchdogCanPatchPodLabels,
  APIPort: opts.APIPort,
+ APIListenAddress: opts.APIListenAddress,
  HealthzPort: opts.HealthzPort,
+ HealthzListenAddress: opts.HealthzListenAddress,
  WebhookServerPort: opts.WebhookServerPort,
+ WebhookServerListenAddress: opts.WebhookServerListenAddress,
  })
  if err != nil {
  log.Fatalf("error creating operator: %v", err)

cmd/operator/options/options.go

@@ -53,8 +53,11 @@ type Options struct {
  Logger logger.Options
  Metrics *metrics.Options
  APIPort int
+ APIListenAddress string
  HealthzPort int
+ HealthzListenAddress string
  WebhookServerPort int
+ WebhookServerListenAddress string
 }
 
 func New() *Options {
@@ -79,8 +82,11 @@ func New() *Options {
  flag.StringVar(&opts.TrustAnchorsFile, "trust-anchors-file", securityConsts.ControlPlaneDefaultTrustAnchorsPath, "Filepath to the trust anchors for the Dapr control plane")
 
  flag.IntVar(&opts.APIPort, "port", 6500, "The port for the operator API server to listen on")
+ flag.StringVar(&opts.APIListenAddress, "listen-address", "", "The listening address for the operator API server")
  flag.IntVar(&opts.HealthzPort, "healthz-port", 8080, "The port for the healthz server to listen on")
+ flag.StringVar(&opts.HealthzListenAddress, "healthz-listen-address", "", "The listening address for the healthz server")
  flag.IntVar(&opts.WebhookServerPort, "webhook-server-port", 19443, "The port for the webhook server to listen on")
+ flag.StringVar(&opts.WebhookServerListenAddress, "webhook-server-listen-address", "", "The listening address for the webhook server")
 
  opts.Logger = logger.DefaultOptions()
  opts.Logger.AttachCmdFlags(flag.StringVar, flag.BoolVar)

cmd/placement/app/app.go

@@ -116,13 +116,13 @@ func Run() {
  RouterOptions: metadataOptions,
  })
  healthzServer.Ready()
- if healthzErr := healthzServer.Run(ctx, opts.HealthzPort); healthzErr != nil {
+ if healthzErr := healthzServer.Run(ctx, opts.HealthzListenAddress, opts.HealthzPort); healthzErr != nil {
  return fmt.Errorf("failed to start healthz server: %w", healthzErr)
  }
  return nil
  },
  func(ctx context.Context) error {
- return apiServer.Run(ctx, strconv.Itoa(opts.PlacementPort))
+ return apiServer.Run(ctx, opts.PlacementListenAddress, strconv.Itoa(opts.PlacementPort))
  },
  ).Run(ctx)
  if err != nil {

cmd/placement/options/options.go

@@ -47,11 +47,13 @@ type Options struct {
  RaftLogStorePath string
 
  // Placement server configurations
- PlacementPort int
- HealthzPort int
- MetadataEnabled bool
- MaxAPILevel int
- MinAPILevel int
+ PlacementPort int
+ PlacementListenAddress string
+ HealthzPort int
+ HealthzListenAddress string
+ MetadataEnabled bool
+ MaxAPILevel int
+ MinAPILevel int
 
  TLSEnabled bool
  TrustDomain string
@@ -96,7 +98,9 @@ func New(origArgs []string) *Options {
  fs.BoolVar(&opts.RaftInMemEnabled, "inmem-store-enabled", true, "Enable in-memory log and snapshot store unless --raft-logstore-path is set")
  fs.StringVar(&opts.RaftLogStorePath, "raft-logstore-path", "", "raft log store path.")
  fs.IntVar(&opts.PlacementPort, "port", defaultPlacementPort, "sets the gRPC port for the placement service")
+ fs.StringVar(&opts.PlacementListenAddress, "listen-address", "", "The listening address for the placement service")
  fs.IntVar(&opts.HealthzPort, "healthz-port", defaultHealthzPort, "sets the HTTP port for the healthz server")
+ fs.StringVar(&opts.HealthzListenAddress, "healthz-listen-address", "", "The listening address for the healthz server")
  fs.BoolVar(&opts.TLSEnabled, "tls-enabled", false, "Should TLS be enabled for the placement gRPC server")
  fs.BoolVar(&opts.MetadataEnabled, "metadata-enabled", opts.MetadataEnabled, "Expose the placement tables on the healthz server")
  fs.IntVar(&opts.MaxAPILevel, "max-api-level", 10, "If set to >= 0, causes the reported 'api-level' in the cluster to never exceed this value")

cmd/sentry/app/app.go

@@ -73,6 +73,7 @@ func Run() {
  cfg.RootCertPath = rootCertPath
  cfg.TrustDomain = opts.TrustDomain
  cfg.Port = opts.Port
+ cfg.ListenAddress = opts.ListenAddress
 
  var (
  watchDir = filepath.Dir(cfg.IssuerCertPath)
@@ -146,7 +147,7 @@ func Run() {
  err = mngr.Add(func(ctx context.Context) error {
  healthzServer := health.NewServer(health.Options{Log: log})
  healthzServer.Ready()
- runErr := healthzServer.Run(ctx, opts.HealthzPort)
+ runErr := healthzServer.Run(ctx, opts.HealthzListenAddress, opts.HealthzPort)
  if runErr != nil {
  return fmt.Errorf("failed to start healthz server: %s", runErr)
  }

cmd/sentry/options/options.go

@@ -35,7 +35,9 @@ const (
 type Options struct {
  ConfigName string
  Port int
+ ListenAddress string
  HealthzPort int
+ HealthzListenAddress string
  IssuerCredentialsPath string
  TrustDomain string
  Kubeconfig string
@@ -76,7 +78,9 @@ func New(origArgs []string) *Options {
  fs.StringVar(&opts.IssuerKeyFilename, "issuer-key-filename", config.DefaultIssuerKeyFilename, "Issuer private key filename")
  fs.StringVar(&opts.TrustDomain, "trust-domain", "localhost", "The CA trust domain")
  fs.IntVar(&opts.Port, "port", config.DefaultPort, "The port for the sentry server to listen on")
+ fs.StringVar(&opts.ListenAddress, "listen-address", "", "The listen address for the sentry server")
  fs.IntVar(&opts.HealthzPort, "healthz-port", 8080, "The port for the healthz server to listen on")
+ fs.StringVar(&opts.HealthzListenAddress, "healthz-listen-address", "", "The listening address for the healthz server")
 
  if home := homedir.HomeDir(); home != "" {
  fs.StringVar(&opts.Kubeconfig, "kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")

pkg/api/http/config.go

@@ -20,6 +20,7 @@ type ServerConfig struct {
  Port int
  APIListenAddresses []string
  PublicPort *int
+ PublicListenAddress string
  ProfilePort int
  AllowedOrigins string
  EnableProfiling bool

pkg/api/http/server.go

@@ -174,7 +174,7 @@ func (s *server) StartNonBlocking() error {
  s.setupRoutes(publicR, s.api.PublicEndpoints())
 
  healthServer := &http.Server{
- Addr: fmt.Sprintf(":%d", *s.config.PublicPort),
+ Addr: fmt.Sprintf("%s:%d", s.config.PublicListenAddress, *s.config.PublicPort),
  Handler: publicR,
  ReadHeaderTimeout: 10 * time.Second,
  MaxHeaderBytes: s.config.ReadBufferSize,

pkg/health/server.go

@@ -28,7 +28,7 @@ import (
 
 // Server is the interface for the healthz server.
 type Server interface {
- Run(context.Context, int) error
+ Run(context.Context, string, int) error
  Ready()
 }
 
@@ -107,10 +107,10 @@ func (s *server) Ready() {
 }
 
 // Run starts a net/http server with a healthz endpoint.
-func (s *server) Run(ctx context.Context, port int) error {
+func (s *server) Run(ctx context.Context, listenAddress string, port int) error {
  //nolint:gosec
  srv := &http.Server{
- Addr: fmt.Sprintf(":%d", port),
+ Addr: fmt.Sprintf("%s:%d", listenAddress, port),
  Handler: s.router,
  BaseContext: func(_ net.Listener) context.Context { return ctx },
  }