epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 22:04:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix if bind-address is not set to 0.0.0.0 (#8262)

Browse Source 
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space
This commit is contained in:
Hanna Bledai
2021-12-06 10:58:32 +03:00
committed by GitHub
parent 46b1b7ab34
commit 615216f397
4 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/ha-mode.md
View File

@@ -102,12 +102,13 @@ exclusive to `loadbalancer_apiserver_localhost`.
Access API endpoints are evaluated automatically, as the following: Access API endpoints are evaluated automatically, as the following:
| Endpoint type | kube_control_plane | non-master | external | | Endpoint type | kube_control_plane | non-master | external |
|------------------------------|--------------------|-------------------------|-----------------------| |------------------------------|------------------------------------------|-------------------------|-----------------------|
| Local LB (default) | `https://bip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` | | Local LB (default) | `https://dbip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` |
| Local LB + Unmanaged here LB | `https://bip:sp` | `https://lc:nsp` | `https://ext` | | Local LB (default) + cbip | `https://cbip:sp` and `https://lc:nsp` | `https://lc:nsp` | `https://m[0].aip:sp` |
| External LB, no internal | `https://bip:sp` | `<https://lb:lp>` | `https://lb:lp` | | Local LB + Unmanaged here LB | `https://dbip:sp` | `https://lc:nsp` | `https://ext` |
| No ext/int LB | `https://bip:sp` | `<https://m[0].aip:sp>` | `https://m[0].aip:sp` | | External LB, no internal | `https://dbip:sp` | `<https://lb:lp>` | `https://lb:lp` |
| No ext/int LB | `https://dbip:sp` | `<https://m[0].aip:sp>` | `https://m[0].aip:sp` |
Where: Where:
@@ -115,7 +116,8 @@ Where:
* `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`; * `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`;
* `ext` - Externally load balanced VIP:port and FQDN, not managed by Kubespray; * `ext` - Externally load balanced VIP:port and FQDN, not managed by Kubespray;
* `lc` - localhost; * `lc` - localhost;
* `bip` - a custom bind IP or localhost for the default bind IP '0.0.0.0'; * `cbip` - a custom bind IP, `kube_apiserver_bind_address`;
* `dbip` - localhost for the default bind IP '0.0.0.0';
* `nsp` - nginx secure port, `loadbalancer_apiserver_port`, defers to `sp`; * `nsp` - nginx secure port, `loadbalancer_apiserver_port`, defers to `sp`;
* `sp` - secure port, `kube_apiserver_port`; * `sp` - secure port, `kube_apiserver_port`;
* `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port; * `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;

2
roles/kubernetes/control-plane/defaults/main/main.yml
View File

@@ -10,6 +10,8 @@ kube_apiserver_insecure_bind_address: 127.0.0.1
# By default the external API listens on all interfaces, this can be changed to # By default the external API listens on all interfaces, this can be changed to
# listen on a specific address/interface. # listen on a specific address/interface.
# NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} too.
kube_apiserver_bind_address: 0.0.0.0 kube_apiserver_bind_address: 0.0.0.0
# A port range to reserve for services with NodePort visibility. # A port range to reserve for services with NodePort visibility.

4
roles/kubernetes/node/tasks/main.yml
View File

@@ -19,7 +19,7 @@
- import_tasks: loadbalancer/nginx-proxy.yml - import_tasks: loadbalancer/nginx-proxy.yml
when: when:
- not is_kube_master - not is_kube_master or kube_apiserver_bind_address != '0.0.0.0'
- loadbalancer_apiserver_localhost - loadbalancer_apiserver_localhost
- loadbalancer_apiserver_type == 'nginx' - loadbalancer_apiserver_type == 'nginx'
tags: tags:
@@ -27,7 +27,7 @@
- import_tasks: loadbalancer/haproxy.yml - import_tasks: loadbalancer/haproxy.yml
when: when:
- not is_kube_master - not is_kube_master or kube_apiserver_bind_address != '0.0.0.0'
- loadbalancer_apiserver_localhost - loadbalancer_apiserver_localhost
- loadbalancer_apiserver_type == 'haproxy' - loadbalancer_apiserver_type == 'haproxy'
tags: tags:

4
roles/kubespray-defaults/defaults/main.yaml
View File

@@ -214,7 +214,11 @@ kube_network_node_prefix_ipv6: 120
# NOTE: loadbalancer_apiserver_localhost somewhat alters the final API enpdoint # NOTE: loadbalancer_apiserver_localhost somewhat alters the final API enpdoint
# access IP value (automatically evaluated below) # access IP value (automatically evaluated below)
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
# NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} too.
kube_apiserver_bind_address: 0.0.0.0 kube_apiserver_bind_address: 0.0.0.0
# https # https
kube_apiserver_port: 6443 kube_apiserver_port: 6443
# http # http