refact ip stack (#11953)
@@ -1,9 +1,10 @@
|
||||
---
|
||||
# advertised host IP for kubelet. This affects network plugin config. Take caution
|
||||
kubelet_address: "{{ ip | default(fallback_ip) }}{{ (',' + ip6) if enable_dual_stack_networks and ip6 is defined else '' }}"
|
||||
# add ipv6 manual for dualstack mode because ipv4 priority in main_ip for dualstack
|
||||
kubelet_address: "{{ main_ips | join(',') }}"
|
||||
|
||||
# bind address for kubelet. Set to 0.0.0.0 to listen on all interfaces
|
||||
kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
|
||||
# bind address for kubelet. Set to :: to listen on all interfaces
|
||||
kubelet_bind_address: "{{ main_ip | default('::') }}"
|
||||
|
||||
# resolv.conf to base dns config
|
||||
kube_resolv_conf: "/etc/resolv.conf"
|
||||
@@ -27,11 +28,12 @@ kubelet_systemd_hardening: false
|
||||
kubelet_systemd_wants_dependencies: []
|
||||
|
||||
# List of secure IPs for kubelet
|
||||
# don't forget ipv6 addresses for dualstack(because "main_ip" prioritizes ipv4)
|
||||
kube_node_addresses: >-
|
||||
{%- for host in (groups['k8s_cluster'] | union(groups['etcd'])) -%}
|
||||
{{ hostvars[host]['ip'] | default(hostvars[host]['fallback_ip']) }}{{ ' ' if not loop.last else '' }}
|
||||
{{ hostvars[host]['main_ips'] | join(' ') }}{{ ' ' if not loop.last else '' }}
|
||||
{%- endfor -%}
|
||||
kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} {{ kube_node_addresses }}"
|
||||
kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnets | regex_replace(',', ' ') }} {{ kube_node_addresses }}"
|
||||
|
||||
# Reserve this space for kube resources
|
||||
# Whether to run kubelet and container-engine daemons in a dedicated cgroup. (Not required for resource reservations).
|
||||
@@ -190,7 +192,7 @@ conntrack_modules:
|
||||
|
||||
## Enable distributed tracing for kubelet
|
||||
kubelet_tracing: false
|
||||
kubelet_tracing_endpoint: 0.0.0.0:4317
|
||||
kubelet_tracing_endpoint: "[::]:4317"
|
||||
kubelet_tracing_sampling_rate_per_million: 100
|
||||
|
||||
# The maximum number of image pulls in parallel. Set it to a integer great than 1 to enable image pulling in parallel.
|
||||
|
||||
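Review bot: The new fallback in the first hunk, `kubelet_bind_address: "{{ main_ip | default('::') }}"`, makes the kubelet listen on every interface whenever `main_ip` is undefined, and on a typical Linux dual-stack socket `::` accepts IPv4 as well as IPv6. Where `main_ip` is set is not visible in this section, so it is unclear how often the fallback fires; if it can, hosts whose packet filtering was written only for IPv4 would newly expose the kubelet port over IPv6. I would spell that out in the comment above the variable, for example `# bind address for kubelet; falls back to '::' (all interfaces, IPv4 and IPv6) only when main_ip is undefined`. The comment above `kube_node_addresses` (`don't forget ipv6 addresses for dualstack`) reads as a manual step although the loop now joins `main_ips` itself, so it could be reworded to say when an operator actually has to act.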
@@ -27,7 +27,7 @@
|
||||
- name: Install nginx-proxy
|
||||
import_tasks: loadbalancer/nginx-proxy.yml
|
||||
when:
|
||||
- ('kube_control_plane' not in group_names) or (kube_apiserver_bind_address != '0.0.0.0')
|
||||
- ('kube_control_plane' not in group_names) or (kube_apiserver_bind_address != '::')
|
||||
- loadbalancer_apiserver_localhost
|
||||
- loadbalancer_apiserver_type == 'nginx'
|
||||
tags:
|
||||
@@ -36,7 +36,7 @@
|
||||
- name: Install haproxy
|
||||
import_tasks: loadbalancer/haproxy.yml
|
||||
when:
|
||||
- ('kube_control_plane' not in group_names) or (kube_apiserver_bind_address != '0.0.0.0')
|
||||
- ('kube_control_plane' not in group_names) or (kube_apiserver_bind_address != '::')
|
||||
- loadbalancer_apiserver_localhost
|
||||
- loadbalancer_apiserver_type == 'haproxy'
|
||||
tags:
|
||||
|
||||
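Review bot: Replacing `!= '0.0.0.0'` with `!= '::'` in the first `when` item of both tasks (Install nginx-proxy and Install haproxy) means an inventory that still sets `kube_apiserver_bind_address` to `0.0.0.0` now passes the test on control-plane nodes. The test appears intended to skip the localhost load balancer when the API server already listens on the wildcard address, so such nodes would get a proxy competing for a port the API server holds. Treating both wildcards as equivalent keeps existing overrides working: `- ('kube_control_plane' not in group_names) or (kube_apiserver_bind_address not in ['0.0.0.0', '::'])`. Both task bodies continue outside their hunks.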
@@ -29,10 +29,10 @@ containerLogMaxSize: {{ kubelet_logfiles_max_size }}
|
||||
containerRuntimeEndpoint : {{ cri_socket }}
|
||||
maxPods: {{ kubelet_max_pods }}
|
||||
podPidsLimit: {{ kubelet_pod_pids_limit }}
|
||||
address: {{ kubelet_bind_address }}
|
||||
address: "{{ kubelet_bind_address }}"
|
||||
readOnlyPort: {{ kube_read_only_port }}
|
||||
healthzPort: {{ kubelet_healthz_port }}
|
||||
healthzBindAddress: {{ kubelet_healthz_bind_address }}
|
||||
healthzBindAddress: "{{ kubelet_healthz_bind_address }}"
|
||||
kubeletCgroups: {{ kubelet_kubelet_cgroups }}
|
||||
clusterDomain: {{ dns_domain }}
|
||||
{% if kubelet_protect_kernel_defaults | bool %}
|
||||
@@ -130,7 +130,7 @@ topologyManagerScope: {{ kubelet_topology_manager_scope }}
|
||||
{% endif %}
|
||||
{% if kubelet_tracing %}
|
||||
tracing:
|
||||
endpoint: {{ kubelet_tracing_endpoint }}
|
||||
endpoint: "{{ kubelet_tracing_endpoint }}"
|
||||
samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
|
||||
{% endif %}
|
||||
maxParallelImagePulls: {{ kubelet_max_parallel_image_pulls }}
|
||||
|
||||
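Review bot: Only the three values that can now carry an IPv6 literal (`address`, `healthzBindAddress`, `tracing.endpoint`) are quoted, and nothing in the template says why, so a later cleanup could drop the quotes again. A value such as `::` or `[::]:4317` is not a plain YAML string (the first ends in a mapping indicator, the second opens a flow sequence), which is presumably the reason for the change. A template comment next to `address` would record it, e.g. `{# quoted: IPv6 literals such as :: or [::]:4317 do not parse as plain YAML scalars #}`. The raw interpolation inside double quotes also assumes the variables never contain `"` or `\`; that holds for addresses but is worth keeping in mind if the pattern is copied to other keys.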
@@ -22,7 +22,7 @@ defaults
|
||||
{% if loadbalancer_apiserver_healthcheck_port is defined -%}
|
||||
frontend healthz
|
||||
bind 0.0.0.0:{{ loadbalancer_apiserver_healthcheck_port }}
|
||||
{% if enable_dual_stack_networks -%}
|
||||
{% if ipv6_stack -%}
|
||||
bind :::{{ loadbalancer_apiserver_healthcheck_port }}
|
||||
{% endif -%}
|
||||
mode http
|
||||
@@ -31,7 +31,7 @@ frontend healthz
|
||||
|
||||
frontend kube_api_frontend
|
||||
bind 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
|
||||
{% if enable_dual_stack_networks -%}
|
||||
{% if ipv6_stack -%}
|
||||
bind [::1]:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
|
||||
{% endif -%}
|
||||
mode tcp
|
||||
@@ -45,5 +45,5 @@ backend kube_api_backend
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
{% for host in groups['kube_control_plane'] -%}
|
||||
server {{ host }} {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['fallback_ip'])) }}:{{ kube_apiserver_port }} check check-ssl verify none
|
||||
server {{ host }} {{ hostvars[host]['main_access_ip'] | ansible.utils.ipwrap }}:{{ kube_apiserver_port }} check check-ssl verify none
|
||||
{% endfor -%}
|
||||
|
||||
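Review bot: The IPv6 loopback line in `frontend kube_api_frontend`, `bind [::1]:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};`, ends in a semicolon that none of the other `bind` lines have. It is a context line, but this commit changes its guard to `{% if ipv6_stack -%}`, so the line is rendered on a different set of hosts than before. HAProxy has no statement terminator, so the `;` is likely to be parsed as part of the port and rejected when the configuration is loaded; I would drop it: `bind [::1]:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}`. The frontend's remaining directives lie outside the hunk.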
@@ -14,13 +14,13 @@ stream {
|
||||
upstream kube_apiserver {
|
||||
least_conn;
|
||||
{% for host in groups['kube_control_plane'] -%}
|
||||
server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['fallback_ip'])) }}:{{ kube_apiserver_port }};
|
||||
server {{ hostvars[host]['main_access_ip'] | ansible.utils.ipwrap }}:{{ kube_apiserver_port }};
|
||||
{% endfor -%}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
|
||||
{% if enable_dual_stack_networks -%}
|
||||
{% if ipv6_stack -%}
|
||||
listen [::1]:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
|
||||
{% endif -%}
|
||||
proxy_pass kube_apiserver;
|
||||
@@ -44,7 +44,7 @@ http {
|
||||
{% if loadbalancer_apiserver_healthcheck_port is defined -%}
|
||||
server {
|
||||
listen {{ loadbalancer_apiserver_healthcheck_port }};
|
||||
{% if enable_dual_stack_networks -%}
|
||||
{% if ipv6_stack -%}
|
||||
listen [::]:{{ loadbalancer_apiserver_healthcheck_port }};
|
||||
{% endif -%}
|
||||
location /healthz {
|
||||
|
||||
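Review bot: The upstream entry `server {{ hostvars[host]['main_access_ip'] | ansible.utils.ipwrap }}:{{ kube_apiserver_port }};` no longer has the `default(...)` chain of the line it replaces (`access_ip`, then `ip`, then `fallback_ip`), and the HAProxy backend `server` line was changed the same way. Where `main_access_ip` is defined is not visible here; if it is not set for every host in `groups['kube_control_plane']`, rendering fails on the undefined variable instead of falling back. Either confirm it is always defined or document that requirement next to the loop, e.g. `{# main_access_ip must be defined for every kube_control_plane host #}`. `ansible.utils.ipwrap` also makes the `ansible.utils` collection a requirement of this template on the control node.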
@@ -5,7 +5,7 @@ clusters:
|
||||
- name: local
|
||||
cluster:
|
||||
certificate-authority: {{ kube_cert_dir }}/ca.pem
|
||||
server: {{ kube_apiserver_endpoint }}
|
||||
server: "{{ kube_apiserver_endpoint }}"
|
||||
users:
|
||||
- name: kubelet
|
||||
user:
|
||||
|
||||