fix: explicitly set bind-address for scheduler and controller-manager (…

…#63)
cloud-labs-infra · Dec 4, 2023 · 4c40657 · 4c40657
1 parent f3778d0
commit 4c40657
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -44,14 +44,31 @@ k8s_cluster_cluster_configuration:
   # In a cluster with more than one control plane instances, this field should be assigned
   # the address of the external load balancer in front of the control plane instances
   controlPlaneEndpoint: "{{ hostvars[inventory_hostname]['ansible_facts']['default_ipv4']['address'] }}:6443"
+  # controller-manager and scheduler listen 127.0.0.1 address and respective port by default.
+  # it could be a problem if you are going to deploy monitoring stack because it would be
+  # scrapping <node_ip>:<port> (node_ip - because those manifests have 'hostNetwork: true')
+  #
+  # read more about kube-controller-manager options:
+  #   https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/
+  controllerManager:
+    extraArgs:
+      bind-address: "0.0.0.0"
+  # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/
+  scheduler:
+    extraArgs:
+      bind-address: "0.0.0.0"
 
 # https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
 k8s_cluster_kubelet_configuration:
   cgroupDriver: systemd
   failSwapOn: false
 
 # https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
-k8s_cluster_kubeproxy_configuration: ""
+k8s_cluster_kubeproxy_configuration:
+  # monitoring tools can't scrape default bind address (127.0.0.1:10249)
+  # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#kubeproxy
+  # https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
+  metricsBindAddress: "0.0.0.0:10249"
 
 # https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/#kubeadm-k8s-io-v1beta3-JoinConfiguration
 #

diff --git a/molecule/end-to-end/molecule.yml b/molecule/end-to-end/molecule.yml
@@ -108,6 +108,12 @@ provisioner:
             dnsDomain: cluster.local
           kubernetesVersion: "{{ k8s_cluster_kubernetes_version }}"
           controlPlaneEndpoint: "{{ k8s_cluster_control_plane_endpoint }}:6443"
+          controllerManager:
+            extraArgs:
+              bind-address: "0.0.0.0"
+          scheduler:
+            extraArgs:
+              bind-address: "0.0.0.0"
         # custom networking
         k8s_cluster_flannel_apply: ""
         k8s_cluster_custom_networking_tasks_path: "network/custom-networking.yml"

diff --git a/molecule/end-to-end/verify.yml b/molecule/end-to-end/verify.yml
@@ -7,3 +7,15 @@
     - name: Include verify common
       ansible.builtin.include_tasks:
         file: ../verify-common.yml
+
+    - name: Netstat output
+      block:
+        - name: Run netstat
+          ansible.builtin.shell: |
+            netstat -tulpn
+          register: netstat
+          changed_when: false
+
+        - name: Netstat debug
+          ansible.builtin.debug:
+            var: netstat