Commit be4b1bcd authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Fix local password validation when bind-address is set

Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com> (cherry picked from commit d0ea741b) Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com>
parent 9515436e
......@@ -66,7 +66,7 @@ func GetNodeAuthValidator(ctx context.Context, control *config.Control) NodeAuth
// get client address, to see if deferred node password validation should be allowed when the apiserver
// is not available. Deferred password validation is only allowed for requests from the local client.
client, _, _ := net.SplitHostPort(req.RemoteAddr)
isLocal := client == "127.0.0.1" || client == "::1"
isLocal := client == "127.0.0.1" || client == "::1" || client == control.BindAddress
if secretClient == nil || nodeClient == nil {
if runtime.Core != nil {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment