feat:add configurable apiserver secure-port

2021-04-02 18:53:46 +08:00 · 2021-04-02 18:53:46 +08:00 · 2ea25dd600
parent e13fe39eda
commit 2ea25dd600
9 changed files with 13 additions and 30 deletions
--- a/example/hosts.allinone
+++ b/example/hosts.allinone
@ -26,6 +26,9 @@

 [all:vars]
 # --------- Main Variables ---------------
+# Secure port for apiservers
+SECURE_PORT="6443"
+
 # Cluster container-runtime supported: docker, containerd
 CONTAINER_RUNTIME="docker"

--- a/example/hosts.multi-node
+++ b/example/hosts.multi-node
@ -30,6 +30,9 @@

 [all:vars]
 # --------- Main Variables ---------------
+# Secure port for apiservers
+SECURE_PORT="6443"
+
 # Cluster container-runtime supported: docker, containerd
 CONTAINER_RUNTIME="docker"

--- a/roles/deploy/vars/main.yml
+++ b/roles/deploy/vars/main.yml
@ -1,5 +1,5 @@
 # apiserver 默认第一个master节点
-KUBE_APISERVER: "https://{{ groups['kube_master'][0] }}:6443"
+KUBE_APISERVER: "https://{{ groups['kube_master'][0] }}:{{ SECURE_PORT }}"

 #
 ADD_KCFG: false
--- a/roles/ex-lb/templates/haproxy.cfg.j2
+++ b/roles/ex-lb/templates/haproxy.cfg.j2
@ -21,7 +21,7 @@ listen kube_master
        option dontlog-normal
        balance {{ BALANCE_ALG }}
 {% for host in groups['kube_master'] %}
-        server {{ host }} {{ host }}:6443 check inter 5s fall 2 rise 2 weight 1
+        server {{ host }} {{ host }}:{{ SECURE_PORT }} check inter 5s fall 2 rise 2 weight 1
 {% endfor %}

 {% if INGRESS_NODEPORT_LB == "yes" %}
--- a/roles/kube-lb/templates/kube-lb.conf.j2
+++ b/roles/kube-lb/templates/kube-lb.conf.j2
@ -10,12 +10,12 @@ events {
 stream {
    upstream backend {
 {% for host in groups['kube_master'] %}
-        server {{ host }}:6443    max_fails=2 fail_timeout=3s;
+        server {{ host }}:{{ SECURE_PORT }}    max_fails=2 fail_timeout=3s;
 {% endfor %}
    }

    server {
-        listen 127.0.0.1:6443;
+        listen 127.0.0.1:{{ SECURE_PORT }};
        proxy_connect_timeout 1s;
        proxy_pass backend;
    }
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@ -57,7 +57,7 @@
  lineinfile:
    dest: "{{ item }}"
    regexp: "^    server"
-    line: "    server: https://127.0.0.1:6443"
+    line: "    server: https://127.0.0.1:{{ SECURE_PORT }}"
  with_items:
  - "/root/.kube/config"
  - "/etc/kubernetes/kube-controller-manager.kubeconfig"
--- a/roles/kube-master/templates/kube-apiserver.service.j2
+++ b/roles/kube-master/templates/kube-apiserver.service.j2
@ -20,6 +20,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
  --kubelet-certificate-authority={{ ca_dir }}/ca.pem \
  --kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
  --kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
+  --secure-port={{ SECURE_PORT }} \
  --service-account-issuer=kubernetes.default.svc \
  --service-account-signing-key-file={{ ca_dir }}/ca-key.pem \
  --service-account-key-file={{ ca_dir }}/ca.pem \
--- a/roles/kube-node/templates/haproxy.cfg.j2
+++ b/roles/kube-node/templates/haproxy.cfg.j2
@ -1,24 +0,0 @@
-global
-        log /dev/log    local1 warning
-        chroot /var/lib/haproxy
-        user haproxy
-        group haproxy
-        daemon
-        nbproc 1
-
-defaults
-        log     global
-        timeout connect 5s
-        timeout client  10m
-        timeout server  10m
-
-listen kube_master
-        bind 127.0.0.1:6443
-        mode tcp
-        option tcplog
-        option dontlognull
-        option dontlog-normal
-        balance {{ BALANCE_ALG }} 
-{% for host in groups['kube_master'] %}
-        server {{ host }} {{ host }}:6443 check inter 10s fall 2 rise 2 weight 1
-{% endfor %}
--- a/roles/kube-node/vars/main.yml
+++ b/roles/kube-node/vars/main.yml
@ -1,5 +1,5 @@
 # 设置 APISERVER 地址，使用kube-lb负载均衡监听地址
-KUBE_APISERVER: "https://127.0.0.1:6443"
+KUBE_APISERVER: "https://127.0.0.1:{{ SECURE_PORT }}"

 # node local dns cache 离线镜像
 dnscache_offline: "k8s-dns-node-cache_{{ dnsNodeCacheVer }}.tar"