[Umbrella] Bind the listening address of karmada component to the POD IP

[XiShanYongYe-Chang]

What would you like to be added:

I submitted a document on the website: karmada-io/website#813

In the configuration guide, user can set the listening address to the POD IP address. We can change the listening addresses of Karmada components in different installation modes based on the suggestions.

Currently, Karmada supports the following installation modes:

• kind @seanlaii Update bind addresses to use POD_IP for local-up script #6285
• helm @seanlaii Update bind addresses to use POD_IP for helm #6324
• operator @seanlaii Update bind addresses to use POD_IP for karmada-operator #6321
• karmadactl init @seanlaii Update bind addresses to use POD_IP for karmadactl #6323

The Karmada components that can be configured include:

• karmada-controller-manager
• karmada-scheduler
• karmada-aggregated-apiserver
• karmada-search
• karmada-scheduler-estimator
• karmada-agent
• karmada-webhook
• karmada-metrics-adapter
• karmada-descheduler

Why is this needed:

When a user deploys a Karmada component, the Karmada component will use the default listening address and port if the listening-related parameters are not configured. The default listening address of the Karmada component is 0.0.0.0, which means that the component will listen to all network interfaces on the server (for a container, this is a virtual network interface that is managed by the container runtime, such as Docker).

All-zero listening will increase the risk of being attacked. So, we can change the listening address to the POD IP address.

[XiShanYongYe-Chang]

/help

[karmada-bot]

@XiShanYongYe-Chang:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[seanlaii]

Hi @XiShanYongYe-Chang, thanks for the info.

Just to confirm my understanding: are you suggesting changing the default address settings (like the --metrics-bind-address flag, default to 0.0.0.0) to use the specific Pod IP address?

For example, would this mean modifying the --bind-address in karmada-scheduler.yaml from 0.0.0.0 to the Pod's IP?

[XiShanYongYe-Chang]

Thanks @seanlaii

For example, would this mean modifying the --bind-address in karmada-scheduler.yaml from 0.0.0.0 to the Pod's IP?

Yes, it is, just as the example on the website.

[seanlaii]

Got it. Thanks! I could help work on this.

[XiShanYongYe-Chang]

Thanks a lot, @seanlaii

So let's deal with the kind installation, which is through the hack script?

[seanlaii]

Yes, sounds good to me.

[XiShanYongYe-Chang]

/assign @seanlaii