Merge pull request #904 from galthaus/nginx-port-config

Add nginx local balancer port configuration variable

Merge pull request #904 from galthaus/nginx-port-config
aae0314b · Matthew Mosesohn · GitHub · 35d5248d · 0022a2b2 · aae0314b
Commit aae0314b authored 8 years ago by Matthew Mosesohn Committed by GitHub 8 years ago
--- a/docs/ha-mode.md
+++ b/docs/ha-mode.md
@@ -33,15 +33,20 @@ proxy. Kargo includes support for an nginx-based proxy that resides on each
 non-master Kubernetes node. This is referred to as localhost loadbalancing. It
 is less efficient than a dedicated load balancer because it creates extra
 health checks on the Kubernetes apiserver, but is more practical for scenarios
-where an external LB or virtual IP management is inconvenient.
+where an external LB or virtual IP management is inconvenient.  This option is
+configured by the variable `loadbalancer_apiserver_localhost`.  You may also
-This option is configured by the variable `loadbalancer_apiserver_localhost`.
+define the port the local internal loadbalancer users by changing,
-you will need to configure your own loadbalancer to achieve HA. Note that
+`nginx_kube_apiserver_port`.  This defaults to the value of `kube_apiserver_port`.
-deploying a loadbalancer is up to a user and is not covered by ansible roles
+It is also import to note that Kargo will only configure kubelet and kube-proxy
-in Kargo. By default, it only configures a non-HA endpoint, which points to
+on non-master nodes to use the local internal loadbalancer.
-the `access_ip` or IP address of the first server node in the `kube-master`
-group. It can also configure clients to use endpoints for a given loadbalancer
+If you choose to NOT use the local internal loadbalancer, you will need to configure
-type. The following diagram shows how traffic to the apiserver is directed.
+your own loadbalancer to achieve HA. Note that deploying a loadbalancer is up to
+a user and is not covered by ansible roles in Kargo. By default, it only configures
+a non-HA endpoint, which points to the `access_ip` or IP address of the first server
+node in the `kube-master` group. It can also configure clients to use endpoints
+for a given loadbalancer type. The following diagram shows how traffic to the
+apiserver is directed.
 ![Image](figures/loadbalancer_localhost.png?raw=true)
@@ -90,7 +95,7 @@ Access endpoints are evaluated automagically, as the following:
 | Endpoint type                | kube-master   | non-master          |
 |------------------------------|---------------|---------------------|
-| Local LB                     | http://lc:p   | https://lc:sp       |
+| Local LB                     | http://lc:p   | https://lc:nsp      |
 | External LB, no internal     | https://lb:lp | https://lb:lp       |
 | No ext/int LB (default)      | http://lc:p   | https://m[0].aip:sp |
@@ -99,7 +104,9 @@ Where:
 * `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`;
 * `lc` - localhost;
 * `p` - insecure port, `kube_apiserver_insecure_port`
+* `nsp` - nginx secure port, `nginx_kube_apiserver_port`;
 * `sp` - secure port, `kube_apiserver_port`;
 * `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;
 * `ip` - the node IP, defers to the ansible IP;
 * `aip` - `access_ip`, defers to the ip.
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -127,6 +127,8 @@ peer_with_router: false
 kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
 kube_apiserver_port: 443 # (https)
 kube_apiserver_insecure_port: 8080 # (http)
+# local loadbalancer should use this port instead - default to kube_apiserver_port
+nginx_kube_apiserver_port: "{{ kube_apiserver_port }}"
 # Internal DNS configuration.
 # Kubernetes can create and mainatain its own DNS server to resolve service names

--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@@ -16,7 +16,7 @@ stream {
        }
        server {
-            listen        127.0.0.1:{{ kube_apiserver_port }};
+            listen        127.0.0.1:{{ nginx_kube_apiserver_port }};
            proxy_pass    kube_apiserver;
            proxy_timeout 10m;
            proxy_connect_timeout 1s;

--- a/roles/kubernetes/preinstall/tasks/set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_facts.yml
@@ -10,7 +10,7 @@
 - set_fact:
    kube_apiserver_endpoint: |-
      {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
-           https://localhost:{{ kube_apiserver_port }}
+           https://localhost:{{ nginx_kube_apiserver_port }}
      {%- elif is_kube_master and loadbalancer_apiserver is not defined -%}
           http://127.0.0.1:{{ kube_apiserver_insecure_port }}
      {%- else -%}