Ansible: Adding variable for kubernetes apiserver port

2025-07-31 07:20:13 +00:00 · 2015-07-06 17:33:32 -07:00 · 2015-07-06 17:33:32 -07:00 · 29980851f7
commit 29980851f7
parent 90b1318168
11 changed files with 15 additions and 12 deletions
--- a/contrib/ansible/roles/kubernetes/defaults/main.yml
+++ b/contrib/ansible/roles/kubernetes/defaults/main.yml
@ -1,3 +1,6 @@
+# The port that the Kubernetes apiserver component listens on.
+kube_master_api_port: 443
+
 # This directory is where all the additional scripts go
 # that Kubernetes normally puts in /srv/kubernetes.
 # This puts them in a sane location
--- a/contrib/ansible/roles/kubernetes/templates/config.j2
+++ b/contrib/ansible/roles/kubernetes/templates/config.j2
@ -20,4 +20,4 @@ KUBE_LOG_LEVEL="--v=0"
 KUBE_ALLOW_PRIV="--allow_privileged=true"

 # How the replication controller, scheduler, and proxy
-KUBE_MASTER="--master=https://{{ groups['masters'][0] }}:443"
+KUBE_MASTER="--master=https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}"
--- a/contrib/ansible/roles/master/tasks/firewalld.yml
+++ b/contrib/ansible/roles/master/tasks/firewalld.yml
@ -1,10 +1,10 @@
 ---
 - name: Open firewalld port for apiserver
-  firewalld: port=443/tcp permanent=false state=enabled
+  firewalld: port={{ kube_master_api_port }}/tcp permanent=false state=enabled
  # in case this is also a node with firewalld turned off
  ignore_errors: yes

 - name: Save firewalld port for apiserver
-  firewalld: port=443/tcp permanent=true state=enabled
+  firewalld: port={{ kube_master_api_port }}/tcp permanent=true state=enabled
  # in case this is also a node with firewalld turned off
  ignore_errors: yes
--- a/contrib/ansible/roles/master/tasks/iptables.yml
+++ b/contrib/ansible/roles/master/tasks/iptables.yml
@ -5,7 +5,7 @@
  always_run: yes

 - name: Open apiserver port with iptables
-  command: /sbin/iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT -m comment --comment "kube-apiserver"
+  command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ kube_master_api_port }} -j ACCEPT -m comment --comment "kube-apiserver"
  when: "'kube-apiserver' not in iptablesrules.stdout"
  notify:
    - restart iptables
--- a/contrib/ansible/roles/master/templates/apiserver.j2
+++ b/contrib/ansible/roles/master/templates/apiserver.j2
@ -8,7 +8,7 @@
 KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"

 # The port on the local server to listen on.
-KUBE_API_PORT="--secure-port=443"
+KUBE_API_PORT="--secure-port={{ kube_master_api_port }}"

 # Port nodes listen on
 # KUBELET_PORT="--kubelet_port=10250"
--- a/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['masters'][0] }}:443
+    server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
  name: {{ cluster_name }}
 contexts:
 - context:
--- a/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2
@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
    certificate-authority-data: {{ kube_ca_cert|b64encode }}
-    server: https://{{ groups['masters'][0] }}:443
+    server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
  name: {{ cluster_name }}
 contexts:
 - context:
--- a/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['masters'][0] }}:443
+    server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
  name: {{ cluster_name }}
 contexts:
 - context:
--- a/contrib/ansible/roles/node/templates/kubelet.j2
+++ b/contrib/ansible/roles/node/templates/kubelet.j2
@ -11,11 +11,11 @@ KUBELET_ADDRESS="--address=0.0.0.0"
 KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"

 # location of the api-server
-KUBELET_API_SERVER="--api_servers=https://{{ groups['masters'][0]}}:443"
+KUBELET_API_SERVER="--api_servers=https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}"

 # Add your own!
 {% if dns_setup %}
 KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% else %}
-KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--kubeconfig={{ kube_config_dir }}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
--- a/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2
+++ b/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2
@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['masters'][0] }}:443
+    server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
  name: {{ cluster_name }}
 contexts:
 - context:
--- a/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2
+++ b/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2
@ -10,7 +10,7 @@ contexts:
 clusters:
 - cluster:
    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['masters'][0] }}:443
+    server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
  name: {{ cluster_name }}
 users:
 - name: proxy