From af74d85b7d16b1380115fac6ee450b157ac19583 Mon Sep 17 00:00:00 2001
From: Erwan Miran <mirwan666@gmail.com>
Date: Wed, 12 Sep 2018 08:22:11 +0200
Subject: [PATCH] Remove --insecure-bind-address when insecure-port=0

---
 .../kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 | 2 ++
 .../kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 | 2 ++
 .../master/templates/manifests/kube-apiserver.manifest.j2       | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index fefc5632e..416d23e83 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -45,7 +45,9 @@ authorizationModes:
 selfHosted: false
 apiServerExtraArgs:
   bind-address: {{ kube_apiserver_bind_address }}
+{% if kube_apiserver_insecure_port|string != "0" %}
   insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
+{% endif %}
   insecure-port: "{{ kube_apiserver_insecure_port }}"
 {% if kube_version | version_compare('v1.10', '<') %}
   admission-control: {{ kube_apiserver_admission_control | join(',') }}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 09dc520b4..447c382b6 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -37,7 +37,9 @@ authorizationModes:
 {% endfor %}
 apiServerExtraArgs:
   bind-address: {{ kube_apiserver_bind_address }}
+{% if kube_apiserver_insecure_port|string != "0" %}
   insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
+{% endif %}
   insecure-port: "{{ kube_apiserver_insecure_port }}"
 {% if kube_version | version_compare('v1.10', '<') %}
   admission-control: {{ kube_apiserver_admission_control | join(',') }}
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 765b3d151..928b16c75 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -46,7 +46,9 @@ spec:
     - --etcd-cafile={{ etcd_cert_dir }}/ca.pem
     - --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
     - --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
+{% if kube_apiserver_insecure_port|string != "0" %}
     - --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
+{% endif %}
     - --bind-address={{ kube_apiserver_bind_address }}
     - --apiserver-count={{ kube_apiserver_count }}
 {% if kube_version | version_compare('v1.9', '>=') %}