feat(healthcheck): make healtcheck bind address configurable

[dodgex]

What type of PR is this?

feature

What this PR does / why we need it:

This PR makes the bind address used for the healthcheck endpoint configurable.
Similar to and pretty much based on: #1570 that makes metrics bind address configurable.

Which issue(s) this PR is related to:

Fixes #2043

Was AI used during the creation of this PR?

No

What, if any, amount of integration testing was done with this change in a Kubernetes environment?

None

Does this PR introduce a breaking change?

NONE

Anything else the reviewer should know that wasn't already covered?

This PR is pretty much a copy/paste and adapting of changes from #1570.

The development and contribution guides ask/require to execute certain commands. Unfortunately, some of them fail for me.

• make kube-router and make gofmt are successful.
• make gofmt-fix fails as it misses goimports. I tried to run go install golang.org/x/tools/cmd/goimports@latest but the fixing still failed with the same error. As I did not change imports, I assume this can be "ignored".
• make test-pretty fails with DONE 592 tests, 1 failure in 0.062s, where the failing test is

  kube-router_test.go:53: docs/user-guide.md 'command line options' section does not match kube-router --help.

• plain make fails with

  docker run --rm -v /home/dodge/projects/kube-router:/work -w /work alpine:3.23 sh -c
  'wget -qO- https://github.com/crate-ci/typos/releases/download/v1.33.1/typos-v1.33.1-x86_64-unknown-linux-musl.tar.gz | tar xz -C /usr/local/bin && typos'
  28FBA63FD4730000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:698:
  ssl_client: SSL_connect
  wget: error getting response: Connection reset by peer
  tar: invalid magic
  tar: short read
  make: *** [Makefile:139: spellcheck] Error 1

[catherinetcai]

Hi @dodgex, sorry for the delay in getting to this MR!

The health check implementation is missing a check to ensure that the address/port combination is actually bindable. The metrics server does something similar here:

kube-router/pkg/cmd/kube-router.go

Line 148 in d2359f2

if err := utils.TCPAddressBindable(kr.Config.MetricsAddr, kr.Config.MetricsPort); err != nil {

Can you also provide a little more context around your home lab setup. I'd like to get more insight onto why having the health check bind to all interfaces is causing problems for you.

[dodgex]

Hi @catherinetcai, no worries.

I added a check if the healt address/port is bindable, based on the check for the metrics.

Can you also provide a little more context around your home lab setup. I'd like to get more insight onto why having the health check bind to all interfaces is causing problems for you.

Well, as I mentioned in #2043, I am currently more or less in an evalating phase, testing k0s for personal stuff. So currently there is no actual kubernetes setup yet, beside my playground / PoC VM. My current experience with Kubernetes so far is only the "using" side, providing YAML files (svc, deployments etc) for our applications and managing the stuff installed on our cluster with ArgoCD. This project is me liking tech stuff way to much and wanting to learn more about it. :)

I would not say, that having health check bind on all interfaces is actually causing real problems. This is honestly mostly me, like stuff "clean". And as I managed to configure all other ports im my playground (one thanks to a similar PR in k0s itself, that got merged today), I thought, it might be helpful, to contribute what is needed to make it possible.

And even when I, in the next phase of this project decide to roll k0s on my online servers, this wouldn't be that big of a deal, as the firewall would block any access anyway.

tldr: It is pretty much all about limiting the scope to what is needed. And a healtcheck, as harmless as it might be, has no reasons (i can think of) to be available on more interfaces than necessary. :)