From 3ed5f89cf5fcb21f6e5e9c48d1a9c0c9d736b1bc Mon Sep 17 00:00:00 2001
From: rongzhang <rongzhang@alauda.io>
Date: Fri, 11 Jan 2019 12:40:25 +0800
Subject: [PATCH] Add update server field in kube-proxy kubeconfig

I know this is a bit hack.
If you use cloud LB, you can use kubeadm's controlPlaneEndpoint to configure kube-proxy's server field.
But for nginx-proxy, it didn't start when kubeadm init.
---
 inventory/sample/group_vars/all/all.yml |  6 +++---
 roles/kubernetes/kubeadm/tasks/main.yml | 27 +++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index b9b8a09aa..6f21b8f86 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -21,9 +21,9 @@ bin_dir: /usr/local/bin
 ## Internal loadbalancers for apiservers
 #loadbalancer_apiserver_localhost: true
 
-## Local loadbalancer should use this port instead, if defined.
-## Defaults to kube_apiserver_port (6443)
-#nginx_kube_apiserver_port: 8443
+## Local loadbalancer should use this port
+## And must be set port 6443
+nginx_kube_apiserver_port: 6443
 
 ### OTHER OPTIONAL VARIABLES
 ## For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index 2fbfac851..a705e32e7 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -92,6 +92,33 @@
     - kubeadm_discovery_address != kube_apiserver_endpoint
   notify: restart kubelet
 
+- name: Update server field in kube-proxy kubeconfig
+  shell: >-
+    {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
+    | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
+    | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
+  delegate_to: "{{groups['kube-master']|first}}"
+  run_once: true
+  when:
+    - kubeadm_config_api_fqdn is not defined
+    - is_kube_master
+    - kubeadm_discovery_address != kube_apiserver_endpoint
+    - not kube_proxy_remove
+  tags:
+    - kube-proxy
+
+- name: Restart all kube-proxy pods to ensure that they load the new configmap
+  shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy"
+  delegate_to: "{{groups['kube-master']|first}}"
+  run_once: true
+  when:
+    - kubeadm_config_api_fqdn is not defined
+    - is_kube_master
+    - kubeadm_discovery_address != kube_apiserver_endpoint
+    - not kube_proxy_remove
+  tags:
+    - kube-proxy
+
 # FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
 - name: Symlink kubelet kubeconfig for calico/canal
   file:
-- 
GitLab