From 9b0f57a0a6d821a851908e48fbb3763b23b25070 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn
Date: Mon, 9 Sep 2019 20:33:20 +0300
Subject: [PATCH] Adjust endpoints for kube-proxy,controller,scheduler to proper ip (#5150)
Change-Id: I5aa009358bee7035922b5a10327997e47c9ba434
---
 roles/kubernetes/kubeadm/tasks/main.yml | 4 +++-
 .../master/tasks/kubeadm-fix-apiserver.yml | 13 +++++++++++++
 roles/kubernetes/master/tasks/main.yml | 3 +++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index af5a0855d..d749e7956 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -104,10 +104,12 @@
 - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
 notify: restart kubelet
 
+# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
+# incorrectly to first master, creating SPoF.
 - name: Update server field in kube-proxy kubeconfig
 shell: >-
 {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
- | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
+ | sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
 | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
 run_once: true
 when:
diff --git a/roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml b/roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
new file mode 100644
index 000000000..32a4e0ffb
--- /dev/null
+++ b/roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
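Review bot: In the kube-proxy task of roles/kubernetes/kubeadm/tasks/main.yml, the new sed expression writes `https://127.0.0.1:{{ kube_apiserver_port }}` into the kube-proxy ConfigMap, which is one cluster-wide object rather than a per-master file, so presumably every kube-proxy pod reads the same value, including pods on nodes that run no API server. The task's `when:` list continues past the end of the hunk, so it cannot be seen here whether the task is limited to setups with a local API-server proxy on each node; if it is not, gate it on that condition. The FIXME mentions only masters; I would extend it with something like `# The ConfigMap is shared by all nodes: each one must serve the API on 127.0.0.1 at kube_apiserver_port, and the API server certificate must list 127.0.0.1 as a SAN.` so the TLS dependency is explicit and nobody relaxes verification when a node fails to connect.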
@@ -0,0 +1,13 @@
+---
+- name: Update server field in component kubeconfigs
+ lineinfile:
+ dest: "{{ kube_config_dir }}/{{ item }}.conf"
+ regexp: 'server:'
+ line: ' server: {{ kube_apiserver_endpoint }}'
+ backup: yes
+ with_items:
+ - controller-manager
+ - scheduler
+ when:
+ - not loadbalancer_apiserver is defined
+ notify: "Master | Restart kube-{{ item }}"
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 6d881caf9..4d646d22f 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -73,3 +73,6 @@
 - name: Include kubeadm etcd extra tasks
 include_tasks: kubeadm-etcd.yml
 when: etcd_kubeadm_enabled
+
+- name: Include kubeadm secondary server apiserver fixes
+ include_tasks: kubeadm-fix-apiserver.yml
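Review bot: `backup: yes` in the new lineinfile task leaves a timestamped copy of controller-manager.conf and scheduler.conf in `kube_config_dir` each time the line changes; if these kubeconfigs embed client keys (kubeadm-generated ones usually do, but confirm), old credentials accumulate on disk and outlive any later rotation. Consider `backup: false`, or a follow-up task that removes the copies. Separately, `regexp: 'server:'` is unanchored and matches any line containing that text, so `regexp: '^\s*server:'` is tighter. The condition would also read more clearly as `- loadbalancer_apiserver is not defined`.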
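Review bot: The added include in roles/kubernetes/master/tasks/main.yml has no `when:` of its own, unlike the kubeadm-etcd include just above it, so as far as this hunk shows kubeadm-fix-apiserver.yml is loaded on every host that runs the role even though the task name says "secondary server". If the rewrite is meant only for masters joined after the first, add the matching condition. If running everywhere is intended, rename it, e.g. `- name: Include kubeadm apiserver endpoint fixes`.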