Browse Source

Add service-node-port-range parameter for kube-apiserver

pull/630/head
Maciej Filipiak 8 years ago
parent
commit
cc2f26b8e9
2 changed files with 5 additions and 0 deletions
  1. 4
      roles/kubernetes/master/defaults/main.yml
  2. 1
      roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

4
roles/kubernetes/master/defaults/main.yml

@ -26,6 +26,10 @@ kube_config_dir: /etc/kubernetes
# change to 0.0.0.0 to enable insecure access from anywhere (not recommended) # change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_bind_address: 127.0.0.1
# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"
# Logging directory (sysvinit systems) # Logging directory (sysvinit systems)
kube_log_dir: "/var/log/kubernetes" kube_log_dir: "/var/log/kubernetes"

1
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

@ -23,6 +23,7 @@ spec:
- --apiserver-count={{ kube_apiserver_count }} - --apiserver-count={{ kube_apiserver_count }}
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
- --service-cluster-ip-range={{ kube_service_addresses }} - --service-cluster-ip-range={{ kube_service_addresses }}
- --service-node-port-range={{ kube_apiserver_node_port_range }}
- --client-ca-file={{ kube_cert_dir }}/ca.pem - --client-ca-file={{ kube_cert_dir }}/ca.pem
- --basic-auth-file={{ kube_users_dir }}/known_users.csv - --basic-auth-file={{ kube_users_dir }}/known_users.csv
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem

Loading…
Cancel
Save