From 4452848ffa0bda0c697d1063c1f649addf593f57 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Fri, 20 Dec 2019 15:43:05 +0100 Subject: [PATCH] kubelet and apiserver autodetect ipv6 address use `::` as argument to autodetect the IPv6 adderss bind apiserver to ipv6 address kubelet autodetect node ip --- .../internal/create/actions/config/config.go | 1 + pkg/cluster/internal/kubeadm/config.go | 111 +++++++++++++++++- 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/pkg/cluster/internal/create/actions/config/config.go b/pkg/cluster/internal/create/actions/config/config.go index d92f0c4dc4..d1ebda9d84 100644 --- a/pkg/cluster/internal/create/actions/config/config.go +++ b/pkg/cluster/internal/create/actions/config/config.go @@ -200,6 +200,7 @@ func getKubeadmConfig(cfg *config.Cluster, data kubeadm.ConfigData, node nodes.N return "", errors.Wrap(err, "failed to get IP for node") } + // TODO: this is no longer needed since v1.18 data.NodeAddress = nodeAddress // configure the right protocol addresses if cfg.Networking.IPFamily == "ipv6" { diff --git a/pkg/cluster/internal/kubeadm/config.go b/pkg/cluster/internal/kubeadm/config.go index eaa9a128ab..4b4c4eb25e 100644 --- a/pkg/cluster/internal/kubeadm/config.go +++ b/pkg/cluster/internal/kubeadm/config.go @@ -509,6 +509,113 @@ metadata: {{end}}{{end}} ` +// ConfigTemplateV118BetaV2 is the kubadm config template for API version v1beta2 and k8s > v1.18 +const ConfigTemplateV118BetaV2 = `# config generated by kind +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +metadata: + name: config +kubernetesVersion: {{.KubernetesVersion}} +clusterName: "{{.ClusterName}}" +controlPlaneEndpoint: "{{ .ControlPlaneEndpoint }}" +# on docker for mac we have to expose the api server via port forward, +# so we need to ensure the cert is valid for localhost so we can talk +# to the cluster after rewriting the kubeconfig to point to localhost +apiServer: + certSANs: [localhost, "{{.APIServerAddress}}"] + extraArgs: + {{ if .IPv6 -}} + bind-address: "::" + {{- end }} +controllerManager: + extraArgs: + enable-hostpath-provisioner: "true" + # configure ipv6 default addresses for IPv6 clusters + {{ if .IPv6 -}} + bind-address: "::1" + {{- end }} +scheduler: + extraArgs: + # configure ipv6 default addresses for IPv6 clusters + {{ if .IPv6 -}} + bind-address: "::1" + {{- end }} +networking: + podSubnet: "{{ .PodSubnet }}" + serviceSubnet: "{{ .ServiceSubnet }}" +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +metadata: + name: config +# we use a well know token for TLS bootstrap +bootstrapTokens: +- token: "{{ .Token }}" +# we use a well know port for making the API server discoverable inside docker network. +# from the host machine such port will be accessible via a random local port instead. +localAPIEndpoint: + {{ if .IPv6 -}} + advertiseAddress: "::" + {{- end }} + bindPort: {{.APIBindPort}} +nodeRegistration: + criSocket: "/run/containerd/containerd.sock" + kubeletExtraArgs: + fail-swap-on: "false" + {{ if .IPv6 -}} + node-ip: "::" + {{- end }} +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: JoinConfiguration +metadata: + name: config +{{ if .ControlPlane -}} +controlPlane: + localAPIEndpoint: + {{ if .IPv6 -}} + advertiseAddress: "::" + {{- end }} + bindPort: {{.APIBindPort}} +{{- end }} +nodeRegistration: + criSocket: "/run/containerd/containerd.sock" + kubeletExtraArgs: + fail-swap-on: "false" + {{ if .IPv6 -}} + node-ip: "::" + {{- end }} +discovery: + bootstrapToken: + apiServerEndpoint: "{{ .ControlPlaneEndpoint }}" + token: "{{ .Token }}" + unsafeSkipCAVerification: true +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +metadata: + name: config +# configure ipv6 addresses in IPv6 mode +{{ if .IPv6 -}} +address: "::" +healthzBindAddress: "::" +{{- end }} +# disable disk resource management by default +# kubelet will see the host disk that the inner container runtime +# is ultimately backed by and attempt to recover disk space. we don't want that. +imageGCHighThresholdPercent: 100 +evictionHard: + nodefs.available: "0%" + nodefs.inodesFree: "0%" + imagefs.available: "0%" +--- +# no-op entry that exists solely so it can be patched +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +kind: KubeProxyConfiguration +metadata: + name: config +` + // Config returns a kubeadm config generated from config data, in particular // the kubernetes version func Config(data ConfigData) (config string, err error) { @@ -518,7 +625,7 @@ func Config(data ConfigData) (config string, err error) { } // assume the latest API version, then fallback if the k8s version is too low - templateSource := ConfigTemplateBetaV2 + templateSource := ConfigTemplateV118BetaV2 if ver.LessThan(version.MustParseSemantic("v1.12.0")) { // in Kubernetes 1.11 we need to enable this feature, unless the user // explicitly disabled it. this is considered part of our "base config" @@ -532,6 +639,8 @@ func Config(data ConfigData) (config string, err error) { templateSource = ConfigTemplateAlphaV3 } else if ver.LessThan(version.MustParseSemantic("v1.15.0")) { templateSource = ConfigTemplateBetaV1 + } else if ver.LessThan(version.MustParseSemantic("v1.18.0")) { + templateSource = ConfigTemplateBetaV2 } t, err := template.New("kubeadm-config").Parse(templateSource)