Fix if bind-address is not set to 0.0.0.0 (#8262)
* if bind-address is not set to 0.0.0.0 * Update docs and left comments * fix yamllist check: remove spacepull/8229/head
parent
46b1b7ab34
commit
615216f397
|
@ -102,12 +102,13 @@ exclusive to `loadbalancer_apiserver_localhost`.
|
|||
|
||||
Access API endpoints are evaluated automatically, as the following:
|
||||
|
||||
| Endpoint type | kube_control_plane | non-master | external |
|
||||
|------------------------------|--------------------|-------------------------|-----------------------|
|
||||
| Local LB (default) | `https://bip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` |
|
||||
| Local LB + Unmanaged here LB | `https://bip:sp` | `https://lc:nsp` | `https://ext` |
|
||||
| External LB, no internal | `https://bip:sp` | `<https://lb:lp>` | `https://lb:lp` |
|
||||
| No ext/int LB | `https://bip:sp` | `<https://m[0].aip:sp>` | `https://m[0].aip:sp` |
|
||||
| Endpoint type | kube_control_plane | non-master | external |
|
||||
|------------------------------|------------------------------------------|-------------------------|-----------------------|
|
||||
| Local LB (default) | `https://dbip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` |
|
||||
| Local LB (default) + cbip | `https://cbip:sp` and `https://lc:nsp` | `https://lc:nsp` | `https://m[0].aip:sp` |
|
||||
| Local LB + Unmanaged here LB | `https://dbip:sp` | `https://lc:nsp` | `https://ext` |
|
||||
| External LB, no internal | `https://dbip:sp` | `<https://lb:lp>` | `https://lb:lp` |
|
||||
| No ext/int LB | `https://dbip:sp` | `<https://m[0].aip:sp>` | `https://m[0].aip:sp` |
|
||||
|
||||
Where:
|
||||
|
||||
|
@ -115,7 +116,8 @@ Where:
|
|||
* `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`;
|
||||
* `ext` - Externally load balanced VIP:port and FQDN, not managed by Kubespray;
|
||||
* `lc` - localhost;
|
||||
* `bip` - a custom bind IP or localhost for the default bind IP '0.0.0.0';
|
||||
* `cbip` - a custom bind IP, `kube_apiserver_bind_address`;
|
||||
* `dbip` - localhost for the default bind IP '0.0.0.0';
|
||||
* `nsp` - nginx secure port, `loadbalancer_apiserver_port`, defers to `sp`;
|
||||
* `sp` - secure port, `kube_apiserver_port`;
|
||||
* `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;
|
||||
|
|
|
@ -10,6 +10,8 @@ kube_apiserver_insecure_bind_address: 127.0.0.1
|
|||
|
||||
# By default the external API listens on all interfaces, this can be changed to
|
||||
# listen on a specific address/interface.
|
||||
# NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
|
||||
# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} too.
|
||||
kube_apiserver_bind_address: 0.0.0.0
|
||||
|
||||
# A port range to reserve for services with NodePort visibility.
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
- import_tasks: loadbalancer/nginx-proxy.yml
|
||||
when:
|
||||
- not is_kube_master
|
||||
- not is_kube_master or kube_apiserver_bind_address != '0.0.0.0'
|
||||
- loadbalancer_apiserver_localhost
|
||||
- loadbalancer_apiserver_type == 'nginx'
|
||||
tags:
|
||||
|
@ -27,7 +27,7 @@
|
|||
|
||||
- import_tasks: loadbalancer/haproxy.yml
|
||||
when:
|
||||
- not is_kube_master
|
||||
- not is_kube_master or kube_apiserver_bind_address != '0.0.0.0'
|
||||
- loadbalancer_apiserver_localhost
|
||||
- loadbalancer_apiserver_type == 'haproxy'
|
||||
tags:
|
||||
|
|
|
@ -214,7 +214,11 @@ kube_network_node_prefix_ipv6: 120
|
|||
# NOTE: loadbalancer_apiserver_localhost somewhat alters the final API enpdoint
|
||||
# access IP value (automatically evaluated below)
|
||||
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
|
||||
|
||||
# NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
|
||||
# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} too.
|
||||
kube_apiserver_bind_address: 0.0.0.0
|
||||
|
||||
# https
|
||||
kube_apiserver_port: 6443
|
||||
# http
|
||||
|
|
Loading…
Reference in New Issue