Fix auto-evaluated API access endpoint for bind IP (#2086)

Auto configure API access endpoint with a custom bind IP, if provided. Fix HA docs' http URLs are https in fact, clarify the insecure vs secure API access modes as well. Closes: #issues/2051 Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2026-02-01 01:28:11 -03:30 · 2018-01-03 17:40:21 +01:00
parent ad6fecefa8
commit bac3bf1a5f
2 changed files with 19 additions and 10 deletions
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -98,8 +98,12 @@ kube_pods_subnet: 10.233.64.0/18
 # room for 4096 nodes with 254 pods per node.
 kube_network_node_prefix: 24

-# The port the API Server will be listening on.
+# The virtual cluster IP, real host IPs and ports the API Server will be
+# listening on.
+# NOTE: loadbalancer_apiserver_localhost somewhat alters the final API enpdoint
+# access IP value (automatically evaluated below)
 kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
+kube_apiserver_bind_address: 0.0.0.0
 # https
 kube_apiserver_port: 6443
 # http
@@ -211,7 +215,7 @@ kube_apiserver_endpoint: |-
  {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
       https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
  {%- elif is_kube_master -%}
-       https://127.0.0.1:{{ kube_apiserver_port }}
+       https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_port }}
  {%- else -%}
  {%-   if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
       https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}