add support for specifc control plane IP per host

cluster.yml

@@ -5,10 +5,12 @@ hosts:
     user: ubuntu
     role: [controlplane, etcd]
     docker_socket: /var/run/docker.sock
+    control_plane_ip: 10.1.1.1
   - hostname: server2
     ip: 2.2.2.2
     user: ubuntu
     role: [worker]
+    control_plane_ip: 10.2.2.2
 
 services:
   etcd:

cmd/cluster.go

@@ -122,6 +122,11 @@ func parseClusterFile(clusterFile string) (*services.Container, []hosts.Host, er
 			return nil, nil, fmt.Errorf("User for host (%d) is not provided", i+1)
 		} else if len(host.Role) == 0 {
 			return nil, nil, fmt.Errorf("Role for host (%d) is not provided", i+1)
+
+		} else if host.ControlPlaneIP == "" {
+			// if control_plane_ip is not set,
+			// default to the main IP
+			host.ControlPlaneIP = host.IP
 		}
 		for _, role := range host.Role {
 			if role != services.ETCDRole && role != services.ControlRole && role != services.WorkerRole {

hosts/hosts.go

@@ -11,6 +11,7 @@ type Hosts struct {
 
 type Host struct {
 	IP             string   `yaml:"ip"`
+	ControlPlaneIP string   `yaml:"control_plane_ip"`
 	Role           []string `yaml:"role"`
 	Hostname       string   `yaml:"hostname"`
 	User           string   `yaml:"user"`

pki/pki.go

@@ -74,7 +74,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeControllerName] = CertificatePKI{
 		certificate: kubeControllerCrt,
 		key:         kubeControllerKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeControllerName, CACertPath, KubeControllerCertPath, KubeControllerKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeControllerName, CACertPath, KubeControllerCertPath, KubeControllerKeyPath),
 	}
 
 	// generate Kube scheduler certificate and key
@@ -87,7 +87,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeSchedulerName] = CertificatePKI{
 		certificate: kubeSchedulerCrt,
 		key:         kubeSchedulerKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeSchedulerName, CACertPath, KubeSchedulerCertPath, KubeSchedulerKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeSchedulerName, CACertPath, KubeSchedulerCertPath, KubeSchedulerKeyPath),
 	}
 
 	// generate Kube Proxy certificate and key
@@ -100,7 +100,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeProxyName] = CertificatePKI{
 		certificate: kubeProxyCrt,
 		key:         kubeProxyKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath),
 	}
 
 	logrus.Infof("[certificates] Generating Node certificate")
@@ -112,7 +112,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
 	certs[KubeNodeName] = CertificatePKI{
 		certificate: nodeCrt,
 		key:         nodeKey,
-		config:      getKubeConfigX509("https://"+cpHosts[0].IP+":6443", KubeNodeName, CACertPath, KubeNodeCertPath, KubeNodeKeyPath),
+		config:      getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeNodeName, CACertPath, KubeNodeCertPath, KubeNodeKeyPath),
 	}
 	return certs, nil
 }
@@ -174,6 +174,9 @@ func getAltNames(cpHosts []hosts.Host, clusterDomain string, KubernetesServiceIP
 	dnsNames := []string{}
 	for _, host := range cpHosts {
 		ips = append(ips, net.ParseIP(host.IP))
+		if host.IP != host.ControlPlaneIP {
+			ips = append(ips, net.ParseIP(host.ControlPlaneIP))
+		}
 		dnsNames = append(dnsNames, host.Hostname)
 	}
 	ips = append(ips, net.ParseIP("127.0.0.1"))

services/etcd.go

@@ -32,12 +32,12 @@ func buildEtcdConfig(host hosts.Host, etcdService Etcd) (*container.Config, *con
 		Cmd: []string{"/usr/local/bin/etcd",
 			"--name=etcd-" + host.Hostname,
 			"--data-dir=/etcd-data",
-			"--advertise-client-urls=http://" + host.IP + ":2379,http://" + host.IP + ":4001",
+			"--advertise-client-urls=http://" + host.ControlPlaneIP + ":2379,http://" + host.ControlPlaneIP + ":4001",
 			"--listen-client-urls=http://0.0.0.0:2379",
-			"--initial-advertise-peer-urls=http://" + host.IP + ":2380",
+			"--initial-advertise-peer-urls=http://" + host.ControlPlaneIP + ":2380",
 			"--listen-peer-urls=http://0.0.0.0:2380",
 			"--initial-cluster-token=etcd-cluster-1",
-			"--initial-cluster=etcd-" + host.Hostname + "=http://" + host.IP + ":2380"},
+			"--initial-cluster=etcd-" + host.Hostname + "=http://" + host.ControlPlaneIP + ":2380"},
 	}
 	hostCfg := &container.HostConfig{
 		RestartPolicy: container.RestartPolicy{Name: "always"},
@@ -64,7 +64,7 @@ func buildEtcdConfig(host hosts.Host, etcdService Etcd) (*container.Config, *con
 func getEtcdConnString(hosts []hosts.Host) string {
 	connString := ""
 	for i, host := range hosts {
-		connString += "http://" + host.IP + ":2379"
+		connString += "http://" + host.ControlPlaneIP + ":2379"
 		if i < (len(hosts) - 1) {
 			connString += ","
 		}

services/kubeapi.go

@@ -39,7 +39,7 @@ func buildKubeAPIConfig(host hosts.Host, kubeAPIService KubeAPI, etcdConnString
 			"--runtime-config=authentication.k8s.io/v1beta1=true",
 			"--storage-backend=etcd3",
 			"--etcd-servers=" + etcdConnString,
-			"--advertise-address=" + host.IP,
+			"--advertise-address=" + host.ControlPlaneIP,
 			"--client-ca-file=" + pki.CACertPath,
 			"--tls-cert-file=" + pki.KubeAPICertPath,
 			"--tls-private-key-file=" + pki.KubeAPIKeyPath,