From 3541a93f92ff061d8d9df458d6f20bed6af9ecd3 Mon Sep 17 00:00:00 2001 From: Alan Grosskurth Date: Thu, 10 May 2018 18:23:09 -0700 Subject: [PATCH] gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup MASTER_ADVERTISE_ADDRESS is used to set the --advertise-address flag for the apiserver. It's useful for running the apiserver behind a load balancer. However, if PROJECT_ID, TOKEN_URL, TOKEN_BODY, and NODE_NETWORK are all set, the GCE VM's external IP address will be fetched and used instead and MASTER_ADVERTISE_ADDRESS will be ignored. Change this behavior so that MASTER_ADVERTISE_ADDRESS takes precedence because it's more specific. We still fall back to using the VM's external IP address if the other variables are set. Also: Pass --ssh-user and --ssh-keyfile flags if both PROXY_SSH_USER and MASTER_ADVERTISE_ADDRESS is set. --- cluster/gce/gci/configure-helper.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 71db85f2759..59b7bc1172a 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1622,15 +1622,19 @@ function start-kube-apiserver { if [[ -n "${FEATURE_GATES:-}" ]]; then params+=" --feature-gates=${FEATURE_GATES}" fi - if [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then + if [[ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]]; then + params+=" --advertise-address=${MASTER_ADVERTISE_ADDRESS}" + if [[ -n "${PROXY_SSH_USER:-}" ]]; then + params+=" --ssh-user=${PROXY_SSH_USER}" + params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile" + fi + elif [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then local -r vm_external_ip=$(get-metadata-value "instance/network-interfaces/0/access-configs/0/external-ip") if [[ -n "${PROXY_SSH_USER:-}" ]]; then params+=" --advertise-address=${vm_external_ip}" params+=" --ssh-user=${PROXY_SSH_USER}" params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile" fi - elif [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then - params="${params} --advertise-address=${MASTER_ADVERTISE_ADDRESS}" fi local webhook_authn_config_mount=""