kubernetes-sigs / kubespray

Deploy a Production Ready Kubernetes Cluster
Apache License 2.0

Changing loadbalancer_apiserver_localhost does not update "server: https://localhost:6443" in /etc/kubernetes/kubelet.conf #11711

Open gomin1d opened 1 week ago

gomin1d commented 1 week ago

What happened?

I wanted to disable loadbalancer api-server because I only have one master-host and one api-server respectively. I wanted the api server to be accessed directly by the work hosts.

According to this code:

kube_apiserver_global_endpoint: |-
  {% if loadbalancer_apiserver is defined -%}
      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
  {%- elif loadbalancer_apiserver_localhost and (loadbalancer_apiserver_port is not defined or loadbalancer_apiserver_port == kube_apiserver_port) -%}
      https://localhost:{{ kube_apiserver_port }}
  {%- else -%}
      https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }}
  {%- endif %}
kube_apiserver_endpoint: |-
  {% if loadbalancer_apiserver is defined -%}
      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
  {%- elif ('kube_control_plane' not in group_names) and loadbalancer_apiserver_localhost -%}
      https://localhost:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }}
  {%- elif 'kube_control_plane' in group_names -%}
      https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0', '127.0.0.1') }}:{{ kube_apiserver_port }}
  {%- else -%}
      https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }}
  {%- endif %}

https://github.com/kubernetes-sigs/kubespray/blob/05e2b47db63fa6959779c3915c3e27d92afe6f37/roles/kubespray-defaults/defaults/main/main.yml#L558

If I disable it (loadbalancer_apiserver_localhost: false), then all work hosts will contact the first api server directly (first_kube_control_plane_address). Then it won't work: the value in /etc/kubernetes/kubelet.conf won't change.

What did you expect to happen?

That the kubespray ansible script will update the /etc/kubernetes/kubelet.conf.

How can we reproduce it (as minimally and precisely as possible)?

  1. First run kubespray with default values.
  2. Then change loadbalancer_apiserver_localhost to "false".
  3. /etc/kubernetes/kubelet.conf on the work host will NOT be updated.

OS

debian 11

Version of Ansible

ansible-core-2.15.13

Version of Python

python:3.9.2

Version of Kubespray (commit)

release-2.24

Network plugin used

calico

Full inventory with variables

# ## Configure 'ip' variable to bind kubernetes services on a
# ## different ip than the default iface
# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
[all]
# node1 ansible_host=95.54.0.12  # ip=10.3.0.1 etcd_member_name=etcd1
# node2 ansible_host=95.54.0.13  # ip=10.3.0.2 etcd_member_name=etcd2
# node3 ansible_host=95.54.0.14  # ip=10.3.0.3 etcd_member_name=etcd3
# node4 ansible_host=95.54.0.15  # ip=10.3.0.4 etcd_member_name=etcd4
# node5 ansible_host=95.54.0.16  # ip=10.3.0.5 etcd_member_name=etcd5
# node6 ansible_host=95.54.0.17  # ip=10.3.0.6 etcd_member_name=etcd6
host1.gomin1d.local ansible_host=secret ip=secret access_ip=secret etcd_member_name=etcd1
dev.mineland.local ansible_host=secret ip=secret access_ip=secret

# ## configure a bastion host if your nodes are not directly reachable
# [bastion]
# bastion ansible_host=x.x.x.x ansible_user=some_user

[kube_control_plane]
# node1
# node2
# node3
host1.gomin1d.local

[etcd]
# node1
# node2
# node3
host1.gomin1d.local

[kube_node]
# node2
# node3
# node4
# node5
# node6
host1.gomin1d.local
dev.mineland.local

[calico_rr]

[k8s_cluster:children]
kube_control_plane
kube_node
calico_rr

Command used to invoke ansible

-

Output of ansible run

-

Anything else we need to know

No response
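
Added example (not part of the issue and not kubespray code): a Python check that follows the branches of the `kube_apiserver_endpoint` template quoted above and reports any `server:` entry in a kubelet.conf that no longer matches it. The default port and bind address, the sample kubelet.conf and the address 10.0.0.10 are assumptions constructed for illustration.

```python
import re

def expected_endpoint(group_names, loadbalancer_apiserver_localhost,
                      first_kube_control_plane_address,
                      kube_apiserver_port=6443,               # assumed default
                      kube_apiserver_bind_address="0.0.0.0",  # assumed default
                      loadbalancer_apiserver=None,
                      apiserver_loadbalancer_domain_name=None,
                      loadbalancer_apiserver_port=None):
    """Follow the branches of kube_apiserver_endpoint quoted in the issue."""
    if loadbalancer_apiserver is not None:
        port = loadbalancer_apiserver.get("port", kube_apiserver_port)
        return f"https://{apiserver_loadbalancer_domain_name}:{port}"
    on_control_plane = "kube_control_plane" in group_names
    if not on_control_plane and loadbalancer_apiserver_localhost:
        port = loadbalancer_apiserver_port
        if port is None:  # Jinja default() applies only when undefined
            port = kube_apiserver_port
        return f"https://localhost:{port}"
    if on_control_plane:
        bind = re.sub(r"0\.0\.0\.0", "127.0.0.1", kube_apiserver_bind_address)
        return f"https://{bind}:{kube_apiserver_port}"
    return f"https://{first_kube_control_plane_address}:{kube_apiserver_port}"

def kubeconfig_servers(text):
    """Every cluster 'server:' URL in a kubeconfig (line-based, no YAML library)."""
    found = re.findall(r"^[ \t]*(?:-[ \t]*)?server:[ \t]*(\S+)[ \t]*$", text, flags=re.M)
    return [s.strip("\"'") for s in found]

def stale_servers(kubelet_conf_text, expected):
    """Server URLs in kubelet.conf that differ from the expected endpoint."""
    return [s for s in kubeconfig_servers(kubelet_conf_text)
            if s.rstrip("/") != expected]

# Constructed sample: kubelet.conf as left on a worker by the first run.
SAMPLE_KUBELET_CONF = """\
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://localhost:6443
  name: default-cluster
"""

if __name__ == "__main__":
    # 10.0.0.10 is a constructed control-plane address.
    want = expected_endpoint(["kube_node", "k8s_cluster"], False, "10.0.0.10")
    print("expected:", want, "stale:", stale_servers(SAMPLE_KUBELET_CONF, want))
```

Running it on each worker after changing the variable shows whether the kubelet still targets the local proxy address instead of the endpoint the inventory now implies.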