diff --git a/cluster.yml b/cluster.yml
index df07f1d5..a188a2c4 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -5,10 +5,12 @@ hosts:
     user: ubuntu
     role: [controlplane, etcd]
     docker_socket: /var/run/docker.sock
+    control_plane_ip: 10.1.1.1
   - hostname: server2
     ip: 2.2.2.2
     user: ubuntu
     role: [worker]
+    control_plane_ip: 10.2.2.2
 
 services:
   etcd:
diff --git a/cmd/cluster.go b/cmd/cluster.go
index 2d2c6c47..e1fd7ef9 100644
--- a/cmd/cluster.go
+++ b/cmd/cluster.go
@@ -122,6 +122,11 @@ func parseClusterFile(clusterFile string) (*services.Container, []hosts.Host, er
 			return nil, nil, fmt.Errorf("User for host (%d) is not provided", i+1)
 		} else if len(host.Role) == 0 {
 			return nil, nil, fmt.Errorf("Role for host (%d) is not provided", i+1)
+
+		} else if host.ControlPlaneIP == "" {
+			// if control_plane_ip is not set,
+			// default to the main IP
+			host.ControlPlaneIP = host.IP
 		}
 		for _, role := range host.Role {
 			if role != services.ETCDRole && role != services.ControlRole && role != services.WorkerRole {
diff --git a/hosts/hosts.go b/hosts/hosts.go
index dd5aaac1..f460a142 100644
--- a/hosts/hosts.go
+++ b/hosts/hosts.go
@@ -10,12 +10,13 @@ type Hosts struct {
 }
 
 type Host struct {
-	IP           string   `yaml:"ip"`
-	Role         []string `yaml:"role"`
-	Hostname     string   `yaml:"hostname"`
-	User         string   `yaml:"user"`
-	DockerSocket string   `yaml:"docker_socket"`
-	DClient      *client.Client
+	IP             string   `yaml:"ip"`
+	ControlPlaneIP string   `yaml:"control_plane_ip"`
+	Role           []string `yaml:"role"`
+	Hostname       string   `yaml:"hostname"`
+	User           string   `yaml:"user"`
+	DockerSocket   string   `yaml:"docker_socket"`
+	DClient        *client.Client
 }
 
 func DivideHosts(hosts []Host) ([]Host, []Host, []Host) {
diff --git a/pki/pki.go b/pki/pki.go
index 454531c6..c0ee07ee 100644
--- a/pki/pki.go
+++ b/pki/pki.go
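Review bot: The default on the last added line is written to `host`, which is the per-iteration copy if the loop is `for i, host := range hosts` (the loop header is outside the hunk, but the `i+1` in the error messages suggests that form), so the defaulted value never reaches the slice this function returns and every consumer of ControlPlaneIP still sees an empty string; assign through the index instead, `hosts[i].ControlPlaneIP = hosts[i].IP`. Neither `ip` nor the new `control_plane_ip` is validated here, although pki.go passes both to net.ParseIP for the certificate SANs and kubeapi.go passes the value as `--advertise-address`, so a typo should fail at parse time: after the default, `if net.ParseIP(host.ControlPlaneIP) == nil { return nil, nil, fmt.Errorf("control_plane_ip for host (%d) is not a valid IP", i+1) }` (requires `net` to be imported in cmd/cluster.go). As a matter of style the new branch hangs off an `else if` after two branches that return; a standalone `if host.ControlPlaneIP == "" {` reads more clearly and drops the stray blank line. parseClusterFile starts and ends outside the hunk.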
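Review bot: The new ControlPlaneIP field carries no comment, and nothing on the struct says how it differs from IP, which a reader of hosts.go alone cannot work out. From the rest of this change the value is what other cluster members are told to dial — etcd advertise and peer URLs, kube-apiserver `--advertise-address`, and the server URL baked into the generated kubeconfigs — and it is defaulted to IP when the cluster file leaves it empty. I would add `// ControlPlaneIP is the address advertised to other cluster components (etcd URLs, kube-apiserver --advertise-address, kubeconfig server URL); defaults to IP when not set in the cluster file.` above the field, so that the security-relevant distinction (which address ends up in certificates and advertised endpoints) is visible where the type is defined.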
@@ -74,7 +74,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeControllerName] = CertificatePKI{
 		certificate: kubeControllerCrt,
 		key:         kubeControllerKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeControllerName, CACertPath, KubeControllerCertPath, KubeControllerKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeControllerName, CACertPath, KubeControllerCertPath, KubeControllerKeyPath),
 	}
 
 	// generate Kube scheduler certificate and key
@@ -87,7 +87,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeSchedulerName] = CertificatePKI{
 		certificate: kubeSchedulerCrt,
 		key:         kubeSchedulerKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeSchedulerName, CACertPath, KubeSchedulerCertPath, KubeSchedulerKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeSchedulerName, CACertPath, KubeSchedulerCertPath, KubeSchedulerKeyPath),
 	}
 
 	// generate Kube Proxy certificate and key
@@ -100,7 +100,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeProxyName] = CertificatePKI{
 		certificate: kubeProxyCrt,
 		key:         kubeProxyKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath),
 	}
 
 	logrus.Infof("[certificates] Generating Node certificate")
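Review bot: The server URL on the added line is built by plain concatenation, `"https://"+cpHosts[0].ControlPlaneIP+":6443"`, which produces an unparseable URL whenever control_plane_ip is an IPv6 address (no brackets), and the identical expression is repeated in the scheduler and proxy hunks below and in the node hunk in the next chunk. Compute it once near the top of generateCerts as `apiServerURL := "https://" + net.JoinHostPort(cpHosts[0].ControlPlaneIP, "6443")` and pass `apiServerURL` to each getKubeConfigX509 call (`net` is already imported in this file for getAltNames). These kubeconfigs verify the server certificate against the CA, so the address written here must also appear in the kube-apiserver SANs; the getAltNames change covers that only when the string parses, which is another reason to validate control_plane_ip at cluster-file parse time. generateCerts starts before this hunk, so I cannot see whether `cpHosts[0]` is guarded against an empty controlplane list.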
@@ -112,7 +112,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeNodeName] = CertificatePKI{
 		certificate: nodeCrt,
 		key:         nodeKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeNodeName, CACertPath, KubeNodeCertPath, KubeNodeKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeNodeName, CACertPath, KubeNodeCertPath, KubeNodeKeyPath),
 	}
 	return certs, nil
 }
@@ -174,6 +174,9 @@ func getAltNames(cpHosts []hosts.Host, clusterDomain string, KubernetesServiceIP
 	dnsNames := []string{}
 	for _, host := range cpHosts {
 		ips = append(ips, net.ParseIP(host.IP))
+		if host.IP != host.ControlPlaneIP {
+			ips = append(ips, net.ParseIP(host.ControlPlaneIP))
+		}
 		dnsNames = append(dnsNames, host.Hostname)
 	}
 	ips = append(ips, net.ParseIP("127.0.0.1"))
diff --git a/services/etcd.go b/services/etcd.go
index bda7545c..8cd5b2f5 100644
--- a/services/etcd.go
+++ b/services/etcd.go
@@ -32,12 +32,12 @@ func buildEtcdConfig(host hosts.Host, etcdService Etcd) (*container.Config, *con
 		Cmd: []string{"/usr/local/bin/etcd",
 			"--name=etcd-" + host.Hostname,
 			"--data-dir=/etcd-data",
-			"--advertise-client-urls=http://" + host.IP + ":2379,http://" + host.IP + ":4001",
+			"--advertise-client-urls=http://" + host.ControlPlaneIP + ":2379,http://" + host.ControlPlaneIP + ":4001",
 			"--listen-client-urls=http://0.0.0.0:2379",
-			"--initial-advertise-peer-urls=http://" + host.IP + ":2380",
+			"--initial-advertise-peer-urls=http://" + host.ControlPlaneIP + ":2380",
 			"--listen-peer-urls=http://0.0.0.0:2380",
 			"--initial-cluster-token=etcd-cluster-1",
-			"--initial-cluster=etcd-" + host.Hostname + "=http://" + host.IP + ":2380"},
+			"--initial-cluster=etcd-" + host.Hostname + "=http://" + host.ControlPlaneIP + ":2380"},
 	}
 	hostCfg := &container.HostConfig{
 		RestartPolicy: container.RestartPolicy{Name: "always"},
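Review bot: The added guard in getAltNames compares the two addresses as strings, so a value that differs only textually from `ip` (e.g. `::1` versus `0:0:0:0:0:0:0:1`) is added twice, and a control_plane_ip that is not a parseable address puts a nil net.IP into the SAN list, which yields an invalid IP SAN in the kube-apiserver certificate instead of a clear error. Parse first and compare the parsed values: `if cpIP := net.ParseIP(host.ControlPlaneIP); cpIP != nil && !cpIP.Equal(net.ParseIP(host.IP)) { ips = append(ips, cpIP) }`. The unchanged line above has the same missing nil check for `host.IP`; the cleanest place to reject an unparseable address is parseClusterFile, so the certificate step never sees one. getAltNames starts and ends outside the hunk.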
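Review bot: The three changed etcd flags splice `host.ControlPlaneIP` into URLs by concatenation, so an IPv6 control_plane_ip yields invalid `http://addr:2379` URLs; build them with `net.JoinHostPort(host.ControlPlaneIP, "2379")` and friends (add `net` to this file's imports if it is not there). The advertised client and peer endpoints now move to the control-plane address but keep the `http://` scheme, and the listen URLs on the context lines stay `http://0.0.0.0`, so etcd still accepts unauthenticated plaintext reads and writes on every interface of the host rather than only the control-plane one. If the container runs with host networking (the HostConfig is cut off at the hunk edge, so I cannot tell), binding `--listen-client-urls`/`--listen-peer-urls` to `host.ControlPlaneIP` plus 127.0.0.1 would at least confine exposure to the control-plane network; peer and client TLS would be the real fix. buildEtcdConfig starts and ends outside the hunk.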
@@ -64,7 +64,7 @@ func buildEtcdConfig(host hosts.Host, etcdService Etcd) (*container.Config, *con
 func getEtcdConnString(hosts []hosts.Host) string {
 	connString := ""
 	for i, host := range hosts {
-		connString += "http://" + host.IP + ":2379"
+		connString += "http://" + host.ControlPlaneIP + ":2379"
 		if i < (len(hosts) - 1) {
 			connString += ","
 		}
diff --git a/services/kubeapi.go b/services/kubeapi.go
index 0a35a8c1..0e46577b 100644
--- a/services/kubeapi.go
+++ b/services/kubeapi.go
@@ -39,7 +39,7 @@ func buildKubeAPIConfig(host hosts.Host, kubeAPIService KubeAPI, etcdConnString
 			"--runtime-config=authentication.k8s.io/v1beta1=true",
 			"--storage-backend=etcd3",
 			"--etcd-servers=" + etcdConnString,
-			"--advertise-address=" + host.IP,
+			"--advertise-address=" + host.ControlPlaneIP,
 			"--client-ca-file=" + pki.CACertPath,
 			"--tls-cert-file=" + pki.KubeAPICertPath,
 			"--tls-private-key-file=" + pki.KubeAPIKeyPath,
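Review bot: The changed line in getEtcdConnString inlines the address into the URL, so it inherits the IPv6 bracket problem, and the surrounding `+=` loop with a hand-rolled comma separator is the shape strings.Join exists for. Collecting the URLs into a slice and joining them is shorter and makes the host/port handling explicit (both `net` and `strings` would need to be imported in services/etcd.go if they are not already). This string becomes kube-apiserver's `--etcd-servers`, so the `http://` scheme means every Secret the apiserver persists crosses the control-plane network unencrypted unless etcd TLS is configured somewhere outside this diff. The function's return statement is outside the hunk.
```go
func getEtcdConnString(hosts []hosts.Host) string {
	urls := make([]string, 0, len(hosts))
	for _, host := range hosts {
		urls = append(urls, "http://"+net.JoinHostPort(host.ControlPlaneIP, "2379"))
	}
	return strings.Join(urls, ",")
}
```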
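Review bot: kube-apiserver requires `--advertise-address` to be a literal IP and rejects anything else at startup, so with the new line an invalid control_plane_ip shows up only as a crash-looping apiserver container on the host rather than as a configuration error; validating the value in parseClusterFile (where it is defaulted) would surface it before anything is deployed. The value advertised here is also what ends up in the `kubernetes` Endpoints object that in-cluster clients dial, so it must be reachable from the workers and present in the apiserver certificate SANs — worth a one-line comment on this flag, e.g. `// advertised to in-cluster clients; must be in the apiserver cert SANs (see pki.getAltNames)`. The hunk shows no `--etcd-cafile`/`--etcd-certfile`/`--etcd-keyfile` alongside the `--etcd-servers` line, so unless they are set outside the visible lines the apiserver-to-etcd path over the control-plane network is plaintext. buildKubeAPIConfig starts and ends outside the hunk.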