From 589d22da0b0eecbea0b6d520ef42bb1db0497c15 Mon Sep 17 00:00:00 2001 From: Antoine Legrand <2t.antoine@gmail.com> Date: Mon, 12 Nov 2018 11:49:23 +0100 Subject: [PATCH] Update ha-mode.md (#3696) * Update ha-mode.md --- docs/ha-mode.md | 58 ++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/docs/ha-mode.md b/docs/ha-mode.md index a25e41777..0c9f54ef9 100644 --- a/docs/ha-mode.md +++ b/docs/ha-mode.md @@ -10,33 +10,7 @@ achieve the same goal. Etcd ---- - -In order to use an external loadbalancing (L4/TCP or L7 w/ SSL Passthrough VIP), the following variables need to be overridden in group_vars -* `etcd_access_addresses` -* `etcd_client_url` -* `etcd_cert_alt_names` -* `etcd_cert_alt_ips` - -### Example of a VIP w/ FQDN -```yaml -etcd_access_addresses: https://etcd.example.com:2379 -etcd_client_url: https://etcd.example.com:2379 -etcd_cert_alt_names: - - "etcd.kube-system.svc.{{ dns_domain }}" - - "etcd.kube-system.svc" - - "etcd.kube-system" - - "etcd" - - "etcd.example.com" # This one needs to be added to the default etcd_cert_alt_names -``` - -### Example of a VIP w/o FQDN (IP only) - -```yaml -etcd_access_addresses: https://2.3.7.9:2379 -etcd_client_url: https://2.3.7.9:2379 -etcd_cert_alt_ips: - - "2.3.7.9" -``` +The etcd clients (kube-api-masters) are configured with the list of all etcd peers. If the etcd-cluster has multiple instances, it's configured in HA already. Kube-apiserver -------------- 
@@ -157,3 +131,33 @@ contacted via the local bind IP, which is `https://bip:sp`. Kubespray, the masters' APIs are accessed via the insecure endpoint, which consists of the local `kube_apiserver_insecure_bind_address` and `kube_apiserver_insecure_port`. + +Optional configurations +------------------------ +### ETCD with a LB +In order to use an external loadbalancing (L4/TCP or L7 w/ SSL Passthrough VIP), the following variables need to be overridden in group_vars +* `etcd_access_addresses` +* `etcd_client_url` +* `etcd_cert_alt_names` +* `etcd_cert_alt_ips` + +#### Example of a VIP w/ FQDN +```yaml +etcd_access_addresses: https://etcd.example.com:2379 +etcd_client_url: https://etcd.example.com:2379 +etcd_cert_alt_names: + - "etcd.kube-system.svc.{{ dns_domain }}" + - "etcd.kube-system.svc" + - "etcd.kube-system" + - "etcd" + - "etcd.example.com" # This one needs to be added to the default etcd_cert_alt_names +``` + +#### Example of a VIP w/o FQDN (IP only) + +```yaml +etcd_access_addresses: https://2.3.7.9:2379 +etcd_client_url: https://2.3.7.9:2379 +etcd_cert_alt_ips: + - "2.3.7.9" +```
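Review bot: In the first hunk (the `Etcd` section of docs/ha-mode.md), the replacement paragraph drops the load balancer variables without saying where they went, so a reader who lands on this section will not find `etcd_access_addresses`, `etcd_client_url` or the cert SAN overrides. Suggest ending the new paragraph with a pointer to the "ETCD with a LB" subsection that the second hunk adds at the bottom of the file. The wording could also be tightened: "kube-api-masters" does not match the `Kube-apiserver` heading that follows, and "it's configured in HA already" would read more precisely as a statement that the clients already fail over across the listed peers without a VIP.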
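Review bot: In the second hunk, the IP-only example sets `etcd_cert_alt_ips` to just "2.3.7.9" with no comment, while the FQDN example repeats the default `etcd_cert_alt_names` entries and notes that the VIP name "needs to be added to the default" list. The text should say whether `etcd_cert_alt_ips` extends the defaults or replaces them, and if it replaces them the example should show the full list, otherwise a reader copying it may end up with a certificate that does not cover the addresses it covered before. Two smaller points on the moved text: the bullet list follows "overridden in group_vars" with no blank line, and `### ETCD with a LB` runs straight into its paragraph, so some Markdown renderers will fold these together; add blank lines, and consider "etcd" or "Etcd" in the heading to match the `Etcd` section title used earlier in the file.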