richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update ha-mode.md (#3696) 

* Update ha-mode.md
pull/3698/head
Antoine Legrand 6 years ago
committed by GitHub
parent
3dcb914607
commit
589d22da0b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 27 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 58
      docs/ha-mode.md

58
docs/ha-mode.md
View File

@ -10,33 +10,7 @@ achieve the same goal.
Etcd Etcd
---- ----
In order to use an external loadbalancing (L4/TCP or L7 w/ SSL Passthrough VIP), the following variables need to be overridden in group_vars
* `etcd_access_addresses`
* `etcd_client_url`
* `etcd_cert_alt_names`
* `etcd_cert_alt_ips`
### Example of a VIP w/ FQDN
```yaml
etcd_access_addresses: https://etcd.example.com:2379
etcd_client_url: https://etcd.example.com:2379
etcd_cert_alt_names:
- "etcd.kube-system.svc.{{ dns_domain }}"
- "etcd.kube-system.svc"
- "etcd.kube-system"
- "etcd"
- "etcd.example.com" # This one needs to be added to the default etcd_cert_alt_names
```
### Example of a VIP w/o FQDN (IP only)
```yaml
etcd_access_addresses: https://2.3.7.9:2379
etcd_client_url: https://2.3.7.9:2379
etcd_cert_alt_ips:
- "2.3.7.9"
```
The etcd clients (kube-api-masters) are configured with the list of all etcd peers. If the etcd-cluster has multiple instances, it's configured in HA already.
Kube-apiserver Kube-apiserver
-------------- --------------
@ -157,3 +131,33 @@ contacted via the local bind IP, which is `https://bip:sp`.
Kubespray, the masters' APIs are accessed via the insecure endpoint, which Kubespray, the masters' APIs are accessed via the insecure endpoint, which
consists of the local `kube_apiserver_insecure_bind_address` and consists of the local `kube_apiserver_insecure_bind_address` and
`kube_apiserver_insecure_port`. `kube_apiserver_insecure_port`.
Optional configurations
------------------------
### ETCD with a LB
In order to use an external loadbalancing (L4/TCP or L7 w/ SSL Passthrough VIP), the following variables need to be overridden in group_vars
* `etcd_access_addresses`
* `etcd_client_url`
* `etcd_cert_alt_names`
* `etcd_cert_alt_ips`
#### Example of a VIP w/ FQDN
```yaml
etcd_access_addresses: https://etcd.example.com:2379
etcd_client_url: https://etcd.example.com:2379
etcd_cert_alt_names:
- "etcd.kube-system.svc.{{ dns_domain }}"
- "etcd.kube-system.svc"
- "etcd.kube-system"
- "etcd"
- "etcd.example.com" # This one needs to be added to the default etcd_cert_alt_names
```
#### Example of a VIP w/o FQDN (IP only)
```yaml
etcd_access_addresses: https://2.3.7.9:2379
etcd_client_url: https://2.3.7.9:2379
etcd_cert_alt_ips:
- "2.3.7.9"
```
Write Preview
Loading…
Cancel
Save