External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-02 01:58:12 -03:30
Code Issues Packages Projects Releases Wiki Activity

Allow setting --bind-address for apiserver hyperkube (#1985)

Browse Source 
* Allow setting --bind-address for apiserver hyperkube

This is required if you wish to configure a loadbalancer (e.g haproxy)
running on the master nodes without choosing a different port for the
vip from that used by the API - in this case you need the API to bind to
a specific interface, then haproxy can bind the same port on the VIP:

root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
tcp        0      0 192.168.24.6:6443       0.0.0.0:*               LISTEN      0          680613     134504/haproxy
tcp        0      0 192.168.24.16:6443      0.0.0.0:*               LISTEN      0          653329     131423/hyperkube
tcp        0      0 192.168.24.16:6443      192.168.24.16:58404     ESTABLISHED 0          652991     131423/hyperkube
tcp        0      0 192.168.24.16:58404     192.168.24.16:6443      ESTABLISHED 0          652986     131423/hyperkube

This can be achieved e.g via:

kube_apiserver_bind_address: 192.168.24.16

* Address code review feedback

* Update kube-apiserver.manifest.j2
This commit is contained in:
Steven Hardy
2017-11-29 15:24:02 +00:00
committed by Matthew Mosesohn
parent e5d353d0a7
commit d39a88d63f
4 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/master/defaults/main.yml
View File

@@ -6,6 +6,10 @@ kube_hostpath_dynamic_provisioner: "false"
# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1
# By default the external API listens on all interfaces, this can be changed to
# listen on a specific address/interface.
kube_apiserver_bind_address: 0.0.0.0
# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"

1
roles/kubernetes/master/templates/kubeadm-config.yaml.j2
View File

@@ -25,6 +25,7 @@ token: {{ kubeadm_token }}
tokenTTL: "{{ kubeadm_token_ttl }}"
selfHosted: false
apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }}
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
insecure-port: "{{ kube_apiserver_insecure_port }}"
admission-control: {{ kube_apiserver_admission_control | join(',') }}

1
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -35,6 +35,7 @@ spec:
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
- --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
- --bind-address={{ kube_apiserver_bind_address }}
- --apiserver-count={{ kube_apiserver_count }}
- --admission-control={{ kube_apiserver_admission_control | join(',') }}
- --service-cluster-ip-range={{ kube_service_addresses }}