diff --git a/cluster/gce/configure-vm.sh b/cluster/gce/configure-vm.sh index 7e305749633..54d8a76c85b 100644 --- a/cluster/gce/configure-vm.sh +++ b/cluster/gce/configure-vm.sh @@ -494,9 +494,10 @@ EOF token-url = ${TOKEN_URL} project-id = ${PROJECT_ID} EOF + EXTERNAL_IP=$(curl --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") cat <>/etc/salt/minion.d/grains.conf cloud_config: /etc/gce.conf - advertise_address: '${KUBERNETES_MASTER_NAME}' + advertise_address: '${EXTERNAL_IP}' EOF fi } diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index 6b7f59e4a79..e2932ac2896 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -80,7 +80,7 @@ {% endif -%} {% set params = address + " " + etcd_servers + " " + cloud_provider + " " + cloud_config + " " + runtime_config + " " + admission_control + " " + service_cluster_ip_range + " " + client_ca_file + " " + basic_auth_file -%} -{% set params = params + " " + cluster_name + " " + cert_file + " " + key_file + " --secure_port=" + secure_port + " " + token_auth_file + " " + publicAddressOverride + " " + pillar['log_level'] + " " + advertise_address -%} +{% set params = params + " " + cluster_name + " " + cert_file + " " + key_file + " --secure_port=" + secure_port + " " + token_auth_file + " " + bind_address + " " + pillar['log_level'] + " " + advertise_address -%} { "apiVersion": "v1beta3", diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 505ded43c7c..d27b5098f24 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -151,8 +151,9 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) { "clients. If blank, all interfaces will be used (0.0.0.0).") fs.Var(&s.AdvertiseAddress, "advertise-address", ""+ "The IP address on which to advertise the apiserver to members of the cluster. This "+ - "address must be reachable by the rest of the cluster. If blank, all interfaces will be "+ - "used.") + "address must be reachable by the rest of the cluster. If blank, the --bind-address "+ + "will be used. If --bind-address is unspecified, the host's default interface will "+ + "be used.") fs.Var(&s.BindAddress, "public-address-override", "DEPRECATED: see --bind-address instead") fs.IntVar(&s.ReadOnlyPort, "read-only-port", s.ReadOnlyPort, ""+ "The port on which to serve read-only resources. If 0, don't serve read-only "+ @@ -240,6 +241,13 @@ func newEtcd(etcdConfigFile string, etcdServerList util.StringList, storageVersi func (s *APIServer) Run(_ []string) error { s.verifyClusterIPFlags() + // If advertise-address is not specified, use bind-address. If bind-address + // is also unset (or 0.0.0.0), setDefaults() in pkg/master/master.go will + // do the right thing and use the host's default interface. + if s.AdvertiseAddress == nil || net.IP(s.AdvertiseAddress).IsUnspecified() { + s.AdvertiseAddress = s.BindAddress + } + if (s.EtcdConfigFile != "" && len(s.EtcdServerList) != 0) || (s.EtcdConfigFile == "" && len(s.EtcdServerList) == 0) { glog.Fatalf("specify either --etcd-servers or --etcd-config") } diff --git a/pkg/master/master.go b/pkg/master/master.go index 3d426a4db23..3dc7e0f96ef 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -127,7 +127,7 @@ type Config struct { // PublicAddress is the IP address where members of the cluster (kubelet, // kube-proxy, services, etc.) can reach the master. - // If nil or 0.0.0.0, the first result from net.InterfaceAddrs will be used. + // If nil or 0.0.0.0, the host's default interface will be used. PublicAddress net.IP // Control the interval that pod, node IP, and node heath status caches