[external-lb]: kubelet.conf server address and kube-proxy api-server address fix (#10490)
* [external-lb-kubeconfig]: fix server address in worker kubelet.conf Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com> * [external-lb-kubeconfig]: fix server address in kube-proxy Signed-off-by: Furkan Pehlivan <furkanpehlivan34@gmail.com> --------- Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com> Signed-off-by: Furkan Pehlivan <furkanpehlivan34@gmail.com> Co-authored-by: Furkan Pehlivan <furkanpehlivan34@gmail.com>pull/10533/head
parent
3e522a9f59
commit
8cce6df80a
|
@ -129,6 +129,17 @@
|
||||||
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
||||||
notify: Kubeadm | restart kubelet
|
notify: Kubeadm | restart kubelet
|
||||||
|
|
||||||
|
- name: Update server field in kubelet kubeconfig - external lb
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
||||||
|
regexp: '^ server: https'
|
||||||
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
||||||
|
backup: yes
|
||||||
|
when:
|
||||||
|
- not is_kube_master
|
||||||
|
- loadbalancer_apiserver is defined
|
||||||
|
notify: Kubeadm | restart kubelet
|
||||||
|
|
||||||
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
||||||
# incorrectly to first master, creating SPoF.
|
# incorrectly to first master, creating SPoF.
|
||||||
- name: Update server field in kube-proxy kubeconfig
|
- name: Update server field in kube-proxy kubeconfig
|
||||||
|
@ -149,6 +160,22 @@
|
||||||
tags:
|
tags:
|
||||||
- kube-proxy
|
- kube-proxy
|
||||||
|
|
||||||
|
- name: Update server field in kube-proxy kubeconfig - external lb
|
||||||
|
shell: >-
|
||||||
|
set -o pipefail && {{ kubectl }} get configmap kube-proxy -n kube-system -o yaml
|
||||||
|
| sed 's#server:.*#server: {{kube_apiserver_endpoint}}#g'
|
||||||
|
| {{ kubectl }} replace -f -
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||||
|
delegate_facts: false
|
||||||
|
when:
|
||||||
|
- kube_proxy_deployed
|
||||||
|
- loadbalancer_apiserver is defined
|
||||||
|
tags:
|
||||||
|
- kube-proxy
|
||||||
|
|
||||||
- name: Set ca.crt file permission
|
- name: Set ca.crt file permission
|
||||||
file:
|
file:
|
||||||
path: "{{ kube_cert_dir }}/ca.crt"
|
path: "{{ kube_cert_dir }}/ca.crt"
|
||||||
|
@ -162,8 +189,8 @@
|
||||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||||
delegate_facts: false
|
delegate_facts: false
|
||||||
when:
|
when:
|
||||||
- kubeadm_config_api_fqdn is not defined
|
- kubeadm_config_api_fqdn is not defined or loadbalancer_apiserver is defined
|
||||||
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") or loadbalancer_apiserver is defined
|
||||||
- kube_proxy_deployed
|
- kube_proxy_deployed
|
||||||
tags:
|
tags:
|
||||||
- kube-proxy
|
- kube-proxy
|
||||||
|
|
Loading…
Reference in New Issue