Merge pull request #904 from galthaus/nginx-port-config
Add nginx local balancer port configuration variable
commit
77eeacb315
4 changed files with 20 additions and 11 deletions
|
@ -33,15 +33,20 @@ proxy. Kargo includes support for an nginx-based proxy that resides on each
|
||||||
non-master Kubernetes node. This is referred to as localhost loadbalancing. It
|
non-master Kubernetes node. This is referred to as localhost loadbalancing. It
|
||||||
is less efficient than a dedicated load balancer because it creates extra
|
is less efficient than a dedicated load balancer because it creates extra
|
||||||
health checks on the Kubernetes apiserver, but is more practical for scenarios
|
health checks on the Kubernetes apiserver, but is more practical for scenarios
|
||||||
where an external LB or virtual IP management is inconvenient.
|
where an external LB or virtual IP management is inconvenient. This option is
|
||||||
|
configured by the variable `loadbalancer_apiserver_localhost`. You may also
|
||||||
|
define the port the local internal loadbalancer users by changing,
|
||||||
|
`nginx_kube_apiserver_port`. This defaults to the value of `kube_apiserver_port`.
|
||||||
|
It is also import to note that Kargo will only configure kubelet and kube-proxy
|
||||||
|
on non-master nodes to use the local internal loadbalancer.
|
||||||
|
|
||||||
This option is configured by the variable `loadbalancer_apiserver_localhost`.
|
If you choose to NOT use the local internal loadbalancer, you will need to configure
|
||||||
you will need to configure your own loadbalancer to achieve HA. Note that
|
your own loadbalancer to achieve HA. Note that deploying a loadbalancer is up to
|
||||||
deploying a loadbalancer is up to a user and is not covered by ansible roles
|
a user and is not covered by ansible roles in Kargo. By default, it only configures
|
||||||
in Kargo. By default, it only configures a non-HA endpoint, which points to
|
a non-HA endpoint, which points to the `access_ip` or IP address of the first server
|
||||||
the `access_ip` or IP address of the first server node in the `kube-master`
|
node in the `kube-master` group. It can also configure clients to use endpoints
|
||||||
group. It can also configure clients to use endpoints for a given loadbalancer
|
for a given loadbalancer type. The following diagram shows how traffic to the
|
||||||
type. The following diagram shows how traffic to the apiserver is directed.
|
apiserver is directed.
|
||||||
|
|
||||||
![Image](figures/loadbalancer_localhost.png?raw=true)
|
![Image](figures/loadbalancer_localhost.png?raw=true)
|
||||||
|
|
||||||
|
@ -90,7 +95,7 @@ Access endpoints are evaluated automagically, as the following:
|
||||||
|
|
||||||
| Endpoint type | kube-master | non-master |
|
| Endpoint type | kube-master | non-master |
|
||||||
|------------------------------|---------------|---------------------|
|
|------------------------------|---------------|---------------------|
|
||||||
| Local LB | http://lc:p | https://lc:sp |
|
| Local LB | http://lc:p | https://lc:nsp |
|
||||||
| External LB, no internal | https://lb:lp | https://lb:lp |
|
| External LB, no internal | https://lb:lp | https://lb:lp |
|
||||||
| No ext/int LB (default) | http://lc:p | https://m[0].aip:sp |
|
| No ext/int LB (default) | http://lc:p | https://m[0].aip:sp |
|
||||||
|
|
||||||
|
@ -99,7 +104,9 @@ Where:
|
||||||
* `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`;
|
* `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`;
|
||||||
* `lc` - localhost;
|
* `lc` - localhost;
|
||||||
* `p` - insecure port, `kube_apiserver_insecure_port`
|
* `p` - insecure port, `kube_apiserver_insecure_port`
|
||||||
|
* `nsp` - nginx secure port, `nginx_kube_apiserver_port`;
|
||||||
* `sp` - secure port, `kube_apiserver_port`;
|
* `sp` - secure port, `kube_apiserver_port`;
|
||||||
* `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;
|
* `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;
|
||||||
* `ip` - the node IP, defers to the ansible IP;
|
* `ip` - the node IP, defers to the ansible IP;
|
||||||
* `aip` - `access_ip`, defers to the ip.
|
* `aip` - `access_ip`, defers to the ip.
|
||||||
|
|
||||||
|
|
|
@ -127,6 +127,8 @@ peer_with_router: false
|
||||||
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
|
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
|
||||||
kube_apiserver_port: 443 # (https)
|
kube_apiserver_port: 443 # (https)
|
||||||
kube_apiserver_insecure_port: 8080 # (http)
|
kube_apiserver_insecure_port: 8080 # (http)
|
||||||
|
# local loadbalancer should use this port instead - default to kube_apiserver_port
|
||||||
|
nginx_kube_apiserver_port: "{{ kube_apiserver_port }}"
|
||||||
|
|
||||||
# Internal DNS configuration.
|
# Internal DNS configuration.
|
||||||
# Kubernetes can create and mainatain its own DNS server to resolve service names
|
# Kubernetes can create and mainatain its own DNS server to resolve service names
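Review bot: The comment above the new `nginx_kube_apiserver_port` default does not say which component binds the port or which clients connect to it, so an operator overriding it cannot tell what else is affected. Going by the other files in this commit, nginx listens on it on 127.0.0.1 and the non-master apiserver endpoint is built from it, so I would write `# Port the per-node nginx proxy listens on (127.0.0.1, non-master nodes); kubelet and kube-proxy reach the apiserver through it. Defaults to kube_apiserver_port.` The default inherits 443, which is a privileged port. If the proxy is ever meant to run without root or CAP_NET_BIND_SERVICE (not visible here), the comment could also recommend a port above 1023.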
|
||||||
|
|
|
@ -16,7 +16,7 @@ stream {
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 127.0.0.1:{{ kube_apiserver_port }};
|
listen 127.0.0.1:{{ nginx_kube_apiserver_port }};
|
||||||
proxy_pass kube_apiserver;
|
proxy_pass kube_apiserver;
|
||||||
proxy_timeout 10m;
|
proxy_timeout 10m;
|
||||||
proxy_connect_timeout 1s;
|
proxy_connect_timeout 1s;
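Review bot: `nginx_kube_apiserver_port` is interpolated into the `listen` directive unchecked, so a non-numeric or out-of-range override only surfaces when nginx refuses the rendered config. On non-master nodes that also takes down the apiserver path used by kubelet and kube-proxy. A preflight `assert` with `that: nginx_kube_apiserver_port | int > 0 and nginx_kube_apiserver_port | int < 65536` would fail the play earlier with a clear message. The bind to `127.0.0.1` should stay as it is, since it keeps the proxy unreachable from other hosts. The `server` block continues past the end of this hunk.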
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- set_fact:
|
- set_fact:
|
||||||
kube_apiserver_endpoint: |-
|
kube_apiserver_endpoint: |-
|
||||||
{% if not is_kube_master and loadbalancer_apiserver_localhost -%}
|
{% if not is_kube_master and loadbalancer_apiserver_localhost -%}
|
||||||
https://localhost:{{ kube_apiserver_port }}
|
https://localhost:{{ nginx_kube_apiserver_port }}
|
||||||
{%- elif is_kube_master and loadbalancer_apiserver is not defined -%}
|
{%- elif is_kube_master and loadbalancer_apiserver is not defined -%}
|
||||||
http://127.0.0.1:{{ kube_apiserver_insecure_port }}
|
http://127.0.0.1:{{ kube_apiserver_insecure_port }}
|
||||||
{%- else -%}
|
{%- else -%}
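Review bot: The non-master endpoint on the changed line uses `localhost`, while the nginx template in this commit listens on `127.0.0.1` only, so the two agree only where `localhost` resolves to the IPv4 loopback. On a node whose resolver returns `::1` first, clients may try an address nginx is not bound to (inferred; it depends on the client's fallback behaviour). Switching the URL to `127.0.0.1` is only safe if the apiserver certificate carries that IP as a SAN, which is not visible here. At minimum I would add a YAML comment above the task, such as `# nginx listens on 127.0.0.1 only; localhost must resolve to it on non-master nodes`. The `set_fact` template continues past the end of this hunk.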
|
||||||
|
|