From 633e819e5c6c08c52c583a016ca0b5edebd87d13 Mon Sep 17 00:00:00 2001
From: Kay Yan <kay.yan@daocloud.io>
Date: Thu, 20 Oct 2022 02:31:45 +0000
Subject: [PATCH] fix-api-lb-binds-interface

---
 roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2     | 2 +-
 roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2      | 2 +-
 roles/kubernetes/node/templates/manifests/haproxy.manifest.j2   | 2 ++
 .../kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2 b/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2
index 1d5d7d945..b195ad20f 100644
--- a/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2
+++ b/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2
@@ -21,7 +21,7 @@ defaults
 
 {% if loadbalancer_apiserver_healthcheck_port is defined -%}
 frontend healthz
-  bind *:{{ loadbalancer_apiserver_healthcheck_port }}
+  bind 127.0.0.1:{{ loadbalancer_apiserver_healthcheck_port }}
   mode http
   monitor-uri /healthz
 {% endif %}
diff --git a/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2 b/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2
index fd3e5746c..1f541c277 100644
--- a/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2
@@ -43,7 +43,7 @@ http {
 
   {% if loadbalancer_apiserver_healthcheck_port is defined -%}
   server {
-    listen {{ loadbalancer_apiserver_healthcheck_port }};
+    listen 127.0.0.1:{{ loadbalancer_apiserver_healthcheck_port }};
     {% if enable_dual_stack_networks -%}
     listen [::]:{{ loadbalancer_apiserver_healthcheck_port }};
     {% endif -%}
diff --git a/roles/kubernetes/node/templates/manifests/haproxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/haproxy.manifest.j2
index 1efcbaede..7222e8cda 100644
--- a/roles/kubernetes/node/templates/manifests/haproxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/haproxy.manifest.j2
@@ -25,10 +25,12 @@ spec:
     {% if loadbalancer_apiserver_healthcheck_port is defined -%}
     livenessProbe:
       httpGet:
+        host: 127.0.0.1
         path: /healthz
         port: {{ loadbalancer_apiserver_healthcheck_port }}
     readinessProbe:
       httpGet:
+        host: 127.0.0.1
         path: /healthz
         port: {{ loadbalancer_apiserver_healthcheck_port }}
     {% endif -%}
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 04b9b734e..d6cb78dcc 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -25,10 +25,12 @@ spec:
     {% if loadbalancer_apiserver_healthcheck_port is defined -%}
     livenessProbe:
       httpGet:
+        host: 127.0.0.1
         path: /healthz
         port: {{ loadbalancer_apiserver_healthcheck_port }}
     readinessProbe:
       httpGet:
+        host: 127.0.0.1
         path: /healthz
         port: {{ loadbalancer_apiserver_healthcheck_port }}
     {% endif -%}