From d31c040dc0764b3167b76fdc8cf9eac6f06b43e6 Mon Sep 17 00:00:00 2001
From: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Date: Fri, 24 Feb 2017 15:58:54 +0100
Subject: [PATCH] Change kube-api default port from 443 to 6443
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.
Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
---
docs/ha-mode.md | 4 ++--
inventory/group_vars/all.yml | 2 +-
inventory/group_vars/k8s-cluster.yml | 2 +-
roles/kargo-defaults/defaults/main.yaml | 2 +-
.../ansible/templates/calico-policy-controller.yml.j2 | 2 +-
tests/testcases/010_check-apiserver.yml | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/ha-mode.md b/docs/ha-mode.md
index 5e5397939..20578f705 100644
--- a/docs/ha-mode.md
+++ b/docs/ha-mode.md
@@ -61,8 +61,8 @@ listen kubernetes-apiserver-https
mode tcp
timeout client 3h
timeout server 3h
- server master1 <IP1>:443
- server master2 <IP2>:443
+ server master1 <IP1>:6443
+ server master2 <IP2>:6443
balance roundrobin
```
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 56a777e05..ca46d2817 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -21,7 +21,7 @@
#loadbalancer_apiserver_localhost: true
## Local loadbalancer should use this port instead, if defined.
-## Defaults to kube_apiserver_port (443)
+## Defaults to kube_apiserver_port (6443)
#nginx_kube_apiserver_port: 8443
### OTHER OPTIONAL VARIABLES
diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml
index df34f2c45..50bbee230 100644
--- a/inventory/group_vars/k8s-cluster.yml
+++ b/inventory/group_vars/k8s-cluster.yml
@@ -76,7 +76,7 @@ kube_network_node_prefix: 24
# The port the API Server will be listening on.
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
-kube_apiserver_port: 443 # (https)
+kube_apiserver_port: 6443 # (https)
kube_apiserver_insecure_port: 8080 # (http)
# DNS configuration.
diff --git a/roles/kargo-defaults/defaults/main.yaml b/roles/kargo-defaults/defaults/main.yaml
index 9760058c4..a2ec34cb7 100644
--- a/roles/kargo-defaults/defaults/main.yaml
+++ b/roles/kargo-defaults/defaults/main.yaml
@@ -91,7 +91,7 @@ kube_network_node_prefix: 24
# The port the API Server will be listening on.
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
-kube_apiserver_port: 443 # (https)
+kube_apiserver_port: 6443 # (https)
kube_apiserver_insecure_port: 8080 # (http)
# Path used to store Docker data
diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
index 06bb78b7c..b31ae0f43 100644
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -45,7 +45,7 @@ spec:
# changed so long as it is used in conjunction with
# CONFIGURE_ETC_HOSTS="true".
- name: K8S_API
- value: "https://kubernetes.default:443"
+ value: "https://kubernetes.default:{{ kube_apiserver_port }}"
# Configure /etc/hosts within the container to resolve
# the kubernetes.default Service to the correct clusterIP
# using the environment provided by the kubelet.
diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml
index 7107da52f..8ca19e196 100644
--- a/tests/testcases/010_check-apiserver.yml
+++ b/tests/testcases/010_check-apiserver.yml
@@ -4,7 +4,7 @@
tasks:
- name: Check the API servers are responding
uri:
- url: "https://{{ansible_ssh_host}}/api/v1"
+ url: "https://{{ access_ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}/api/v1"
user: kube
password: changeme
validate_certs: no
--
GitLab