From 051d03ead70492490eac637ff07a35201a14e858 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Fri, 16 Jan 2026 12:23:30 +0100
Subject: [PATCH] Fix defaults for  apiserver_loadbalancer_domain_name

Since we're not longer injecting pseudo DNS into /etc/hosts,
'lb-apiserver.kubernetes.local' (the previous default) won't resolve to
anything.

Instead, default to the loadbalancer IP if defined, or to the node local
loadbalancer if it's in use.

Make the necessary adjustements in use site to deal with ip addresses as
well as hostnames.
---
 roles/kubernetes/control-plane/tasks/kubeadm-setup.yml | 2 +-
 roles/kubespray_defaults/defaults/main/main.yml        | 6 +++---
 roles/network_facts/tasks/no_proxy.yml                 | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index 96c347033..579d684b8 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -90,7 +90,7 @@
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: Set kubeadm_config_api_fqdn define
   set_fact:
-    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}"
+    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name }}"
   when: loadbalancer_apiserver is defined
 
 - name: Kubeadm | Create kubeadm config
diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml
index cd318180c..3431867ad 100644
--- a/roles/kubespray_defaults/defaults/main/main.yml
+++ b/roles/kubespray_defaults/defaults/main/main.yml
@@ -640,10 +640,10 @@ first_kube_control_plane_address: "{{ hostvars[groups['kube_control_plane'][0]][
 loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
 loadbalancer_apiserver_type: "nginx"
 # applied if only external loadbalancer_apiserver is defined, otherwise ignored
-apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
+apiserver_loadbalancer_domain_name: "{{ 'localhost' if loadbalancer_apiserver_localhost else (loadbalancer_apiserver.address | d(undef())) }}"
 kube_apiserver_global_endpoint: |-
   {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
   {%- elif loadbalancer_apiserver_localhost and (loadbalancer_apiserver_port is not defined or loadbalancer_apiserver_port == kube_apiserver_port) -%}
       https://localhost:{{ kube_apiserver_port }}
   {%- else -%}
@@ -651,7 +651,7 @@ kube_apiserver_global_endpoint: |-
   {%- endif %}
 kube_apiserver_endpoint: |-
   {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
   {%- elif ('kube_control_plane' not in group_names) and loadbalancer_apiserver_localhost -%}
       https://localhost:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }}
   {%- elif 'kube_control_plane' in group_names -%}
diff --git a/roles/network_facts/tasks/no_proxy.yml b/roles/network_facts/tasks/no_proxy.yml
index 56b9446d8..b2ad83d3d 100644
--- a/roles/network_facts/tasks/no_proxy.yml
+++ b/roles/network_facts/tasks/no_proxy.yml
@@ -4,7 +4,7 @@
     # noqa: jinja[spacing]
     no_proxy_prepare: >-
       {%- if loadbalancer_apiserver is defined -%}
-      {{ apiserver_loadbalancer_domain_name | default('') }},
+      {{ apiserver_loadbalancer_domain_name }},
       {{ loadbalancer_apiserver.address | default('') }},
       {%- endif -%}
       {%- if no_proxy_exclude_workers | default(false) -%}
@@ -32,7 +32,7 @@
 
 - name: Populates no_proxy to all hosts
   set_fact:
-    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
+    no_proxy: "{{ hostvars.localhost.no_proxy_prepare | select }}"
     # noqa: jinja[spacing]
     proxy_env: "{{ proxy_env | combine({
         'no_proxy': hostvars.localhost.no_proxy_prepare,