Add HA/LB endpoints for kube-apiserver

* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver vars and usecases. * Add loadbalancer_apiserver_localhost (default false). If enabled, override the external LB and expect localhost:443/8080 to be new internal only frontends. * Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients to access the apiservers as a comma-separated list of access_ip/ip/ansible ip (a default mode). When disabled, allow clients to use the given loadbalancers. * Define connections security mode for kube controllers, schedulers, proxies. It is insecure be default, which is the current deployment choice. * Rework the groups['kube-master'][0] hardcode defining the apiserver endpoints. * Improve grouping of vars and add facts for kube_apiserver. * Define kube_apiserver_insecure_bind_address as a fact, add more facts for ease of use. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2026-03-10 20:29:18 +03:00 · 2016-07-13 17:13:47 +02:00
parent 277c5d74cc
commit a70c3b661e
8 changed files with 104 additions and 37 deletions
--- a/roles/kubernetes/master/templates/kubectl-kubeconfig.yaml.j2
+++ b/roles/kubernetes/master/templates/kubectl-kubeconfig.yaml.j2
@@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
    certificate-authority-data: {{ kube_node_cert|b64encode }}
-    server: https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}
+    server: {{ kube_apiserver_endpoint }}
  name: {{ cluster_name }}
 contexts:
 - context: