From 2a88210f783afc2e529893a424466ed7b420fa21 Mon Sep 17 00:00:00 2001 From: Sergii Golovatiuk Date: Fri, 24 Feb 2017 15:58:54 +0100 Subject: [PATCH] Change kube-api default port from 443 to 6443 Operator can specify any port for kube-api (6443 default) This helps in case where some pods such as Ingress require 443 exclusively. Closes: 820 Signed-off-by: Sergii Golovatiuk --- docs/ha-mode.md | 4 ++-- inventory/group_vars/all.yml | 2 +- inventory/group_vars/k8s-cluster.yml | 2 +- roles/kargo-defaults/defaults/main.yaml | 2 +- .../ansible/templates/calico-policy-controller.yml.j2 | 2 +- tests/testcases/010_check-apiserver.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/ha-mode.md b/docs/ha-mode.md index 5e5397939..20578f705 100644 --- a/docs/ha-mode.md +++ b/docs/ha-mode.md @@ -61,8 +61,8 @@ listen kubernetes-apiserver-https mode tcp timeout client 3h timeout server 3h - server master1 :443 - server master2 :443 + server master1 :6443 + server master2 :6443 balance roundrobin ``` diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 56a777e05..ca46d2817 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -21,7 +21,7 @@ #loadbalancer_apiserver_localhost: true ## Local loadbalancer should use this port instead, if defined. -## Defaults to kube_apiserver_port (443) +## Defaults to kube_apiserver_port (6443) #nginx_kube_apiserver_port: 8443 ### OTHER OPTIONAL VARIABLES diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml index df34f2c45..50bbee230 100644 --- a/inventory/group_vars/k8s-cluster.yml +++ b/inventory/group_vars/k8s-cluster.yml @@ -76,7 +76,7 @@ kube_network_node_prefix: 24 # The port the API Server will be listening on. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" -kube_apiserver_port: 443 # (https) +kube_apiserver_port: 6443 # (https) kube_apiserver_insecure_port: 8080 # (http) # DNS configuration. diff --git a/roles/kargo-defaults/defaults/main.yaml b/roles/kargo-defaults/defaults/main.yaml index 9760058c4..a2ec34cb7 100644 --- a/roles/kargo-defaults/defaults/main.yaml +++ b/roles/kargo-defaults/defaults/main.yaml @@ -91,7 +91,7 @@ kube_network_node_prefix: 24 # The port the API Server will be listening on. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" -kube_apiserver_port: 443 # (https) +kube_apiserver_port: 6443 # (https) kube_apiserver_insecure_port: 8080 # (http) # Path used to store Docker data diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 index 06bb78b7c..b31ae0f43 100644 --- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 @@ -45,7 +45,7 @@ spec: # changed so long as it is used in conjunction with # CONFIGURE_ETC_HOSTS="true". - name: K8S_API - value: "https://kubernetes.default:443" + value: "https://kubernetes.default:{{ kube_apiserver_port }}" # Configure /etc/hosts within the container to resolve # the kubernetes.default Service to the correct clusterIP # using the environment provided by the kubelet. diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml index 7107da52f..8ca19e196 100644 --- a/tests/testcases/010_check-apiserver.yml +++ b/tests/testcases/010_check-apiserver.yml @@ -4,7 +4,7 @@ tasks: - name: Check the API servers are responding uri: - url: "https://{{ansible_ssh_host}}/api/v1" + url: "https://{{ access_ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}/api/v1" user: kube password: changeme validate_certs: no