Merge pull request #12882 from VannTen/fix/defaut_lb_address_backport

[release-2.29] Use loadbalancer IP as default apiserver endpoint if no LB hostname is used

roles/container-engine/cri-o/templates/config.json.j2

@@ -1,16 +1,16 @@
 {% if crio_registry_auth is defined and crio_registry_auth|length %}
 {
-{% for reg in crio_registry_auth %}
   "auths": {
+{% for reg in crio_registry_auth %}
     "{{ reg.registry }}": {
       "auth": "{{ (reg.username + ':' + reg.password) | string | b64encode }}"
-    }
 {% if not loop.last %}
-  },
+    },
 {% else %}
-  }
+    }
 {% endif %}
 {% endfor %}
+  }
 }
 {% else %}
 {}

roles/etcd/templates/openssl.conf.j2

@@ -32,9 +32,6 @@ DNS.{{ counter["dns"] }} = {{ hostvars[host]['etcd_access_address'] }}{{ increme
 {# This will always expand to inventory_hostname, which can be a completely arbitrary name, that etcd will not know or care about, hence this line is (probably) redundant. #}
 DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
 {% endfor %}
-{% if apiserver_loadbalancer_domain_name is defined %}
-DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
-{% endif %}
 {% for etcd_alt_name in etcd_cert_alt_names %}
 DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
 {% endfor %}

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -90,7 +90,7 @@
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: Set kubeadm_config_api_fqdn define
   set_fact:
-    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}"
+    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name }}"
   when: loadbalancer_apiserver is defined
 
 - name: Kubeadm | Create kubeadm config

roles/kubespray_defaults/defaults/main/main.yml

@@ -640,10 +640,10 @@ first_kube_control_plane_address: "{{ hostvars[groups['kube_control_plane'][0]][
 loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
 loadbalancer_apiserver_type: "nginx"
 # applied if only external loadbalancer_apiserver is defined, otherwise ignored
-apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
+apiserver_loadbalancer_domain_name: "{{ 'localhost' if loadbalancer_apiserver_localhost else (loadbalancer_apiserver.address | d(undef())) }}"
 kube_apiserver_global_endpoint: |-
   {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
   {%- elif loadbalancer_apiserver_localhost and (loadbalancer_apiserver_port is not defined or loadbalancer_apiserver_port == kube_apiserver_port) -%}
       https://localhost:{{ kube_apiserver_port }}
   {%- else -%}
@@ -651,7 +651,7 @@ kube_apiserver_global_endpoint: |-
   {%- endif %}
 kube_apiserver_endpoint: |-
   {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
   {%- elif ('kube_control_plane' not in group_names) and loadbalancer_apiserver_localhost -%}
       https://localhost:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }}
   {%- elif 'kube_control_plane' in group_names -%}

roles/network_facts/tasks/no_proxy.yml

@@ -4,7 +4,7 @@
     # noqa: jinja[spacing]
     no_proxy_prepare: >-
       {%- if loadbalancer_apiserver is defined -%}
-      {{ apiserver_loadbalancer_domain_name | default('') }},
+      {{ apiserver_loadbalancer_domain_name }},
       {{ loadbalancer_apiserver.address | default('') }},
       {%- endif -%}
       {%- if no_proxy_exclude_workers | default(false) -%}
@@ -32,7 +32,7 @@
 
 - name: Populates no_proxy to all hosts
   set_fact:
-    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
+    no_proxy: "{{ hostvars.localhost.no_proxy_prepare | select }}"
     # noqa: jinja[spacing]
     proxy_env: "{{ proxy_env | combine({
         'no_proxy': hostvars.localhost.no_proxy_prepare,