From 89847d5684b9ea734333ae795d673e28de788885 Mon Sep 17 00:00:00 2001
From: Ayaz Ahmed Khan
Date: Wed, 12 Jul 2017 12:51:12 +0500
Subject: [PATCH] Explicitly defines the --kubelet-preferred-address-types parameter to the API server configuration.
This solves the problem where if you have non-resolvable node names, and try to scale the server by adding new nodes, kubectl commands start to fail for newly added nodes, giving a TCP timeout error when trying to resolve the node hostname against a public DNS.
---
 roles/kubernetes/master/defaults/main.yml | 3 +++
 .../master/templates/manifests/kube-apiserver.manifest.j2 | 1 +
 2 files changed, 4 insertions(+)
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 64a71fc22..59e528822 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -78,6 +78,9 @@ kube_oidc_auth: false
 ## Variables for custom flags
 apiserver_custom_flags: []
+# List of the preferred NodeAddressTypes to use for kubelet connections.
+kubelet_preferred_address_types: 'InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP'
+
 controller_mgr_custom_flags: []
 scheduler_custom_flags: []
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index bee13b4ec..0dbe93cab 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -51,6 +51,7 @@ spec:
 - --kubelet-client-certificate={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem
 - --kubelet-client-key={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem
 - --service-account-lookup=true
+ - --kubelet-preferred-address-types={{ kubelet_preferred_address_types }}
 {% if kube_basic_auth|default(true) %}
 - --basic-auth-file={{ kube_users_dir }}/known_users.csv
 {% endif %}
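Review bot: The comment added above `kubelet_preferred_address_types` in roles/kubernetes/master/defaults/main.yml does not say that the value is an ordered, comma-separated string that the template passes verbatim to the API server flag. It also does not say that the default puts `InternalDNS` first and keeps `Hostname` and `ExternalDNS`, so a node that reports one of those types is still reached by name and depends on the DNS the API server host uses. An operator who overrides the variable with a YAML list would get the list's Python representation rendered into the manifest. I would expand the comment to `# Comma-separated NodeAddressTypes, in order of preference (first available type wins); passed verbatim to --kubelet-preferred-address-types.` and add `# Name-based types (InternalDNS, Hostname, ExternalDNS) require names the API server can resolve; put InternalIP first if they are not.`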
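Review bot: The `--kubelet-preferred-address-types` line added to kube-apiserver.manifest.j2 decides which endpoint receives the API server's kubelet connections (exec, logs, port-forward), but no `--kubelet-certificate-authority` appears in the visible lines next to `--kubelet-client-certificate` and `--kubelet-client-key`. If that flag is not set elsewhere in the manifest, the API server does not verify the kubelet's serving certificate, so whichever host a name-based address type resolves to is accepted as the node. The commit message describes names being looked up against public DNS, which is the case where this matters most. I would confirm the flag is present, or add `- --kubelet-certificate-authority=<path to the CA that signs kubelet serving certificates>` beside the client-certificate arguments. The argument list starts and ends outside this hunk, so the flag may already be set out of view.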