-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added IPV6 information to setup cluster using kubeadm #6465
Changes from 5 commits
d5273b9
ccb4dd7
76cbaf0
4b06883
d270ed7
3522d55
aa7bf8f
882beff
c166f3d
eb4e426
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -67,7 +67,7 @@ following steps: | |
See [Securing your installation](#securing-more) for hardening. | ||
|
||
1. kubeadm installs add-on components via the API server. Right now this is | ||
the internal DNS server and the kube-proxy DaemonSet. | ||
the internal DNS server and the kube-proxy DaemonSet. There is no requirement for specifying kube-proxy bind address in kubeadm configuration file. The kube-proxy bind address is dynamically assigned based on the address type of API server (i.e. v4 will assign 0.0.0.0 & v6 will assign :: ). | ||
|
||
1. If `kubeadm init` is invoked with the alpha self-hosting feature enabled, | ||
(`--feature-gates=SelfHosting=true`), the static Pod based control plane will | ||
|
@@ -111,8 +111,8 @@ flags that can be used to customise the Kubernetes installation. | |
- `--apiserver-advertise-address` | ||
|
||
This is the address the API Server will advertise to other members of the | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Replace this entire paragraph (lines 113-116) with:
So:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This replacement ☝️ includes @luxas's feedback. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @mmueen Please add the requested syntax by copying and pasting the following section:
|
||
cluster. This is also the address used to construct the suggested `kubeadm | ||
join` line at the end of the init process. If not set (or set to 0.0.0.0) then | ||
cluster. API server IP address can either be IPv4 or IPv6. This is also the address used to construct the suggested `kubeadm | ||
join` line at the end of the init process. If not set (or set to 0.0.0.0 for IPv4 or :: for IPv6) then | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. maybe enclose 0.0.0.0 and :: in ``s? |
||
IP for the default interface will be used. | ||
|
||
This address is also added to the certificate that the API Server uses. | ||
|
@@ -1030,6 +1030,25 @@ More information on custom arguments can be found here: | |
- [kube-controller-manager](https://kubernetes.io/docs/admin/kube-controller-manager/) | ||
- [kube-scheduler](https://kubernetes.io/docs/admin/kube-scheduler/) | ||
|
||
### Specifying custom arguments for IPv6 interfaces | ||
|
||
Optionally, IPv6 for liveness probe for control plane components and etcd server can also be specified using extra args as mentioned in the example below. Please note that whenever IPv6 needs to be specified as IP:Port, IPv6 hostname must be enclosed. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
So:
|
||
|
||
``` | ||
apiVersion: kubeadm.k8s.io/v1alpha1 | ||
kind: MasterConfiguration | ||
apiServerExtraArgs: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure IPv6 args should be placed in a default section. Can we create a new section called There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Lines 1040 and 1041 should be removed from the IPv6 kubeadm conf file example. |
||
etcd-servers: "http://[fd00::101]:2379" | ||
controllerManagerExtraArgs: | ||
address: "fd00::101" | ||
schedulerExtraArgs: | ||
address: "fd00::101" | ||
etcd: | ||
extraArgs: | ||
listen-client-urls: "http://[fd00::101]:2379" | ||
``` | ||
|
||
|
||
## Releases and release notes | ||
|
||
If you already have kubeadm installed and want to upgrade, run `apt-get update | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -115,9 +115,8 @@ something provider-specific. The tabs below will contain a notice about what fla | |
on `kubeadm init` are required. | ||
- Unless otherwise specified, kubeadm uses the default gateway's network interface | ||
to advertise the master's IP. If you want to use a different network interface, specify | ||
`--apiserver-advertise-address=<ip-address>` argument to `kubeadm init`. | ||
- If you would like to customise control plane components, you can do so by providing | ||
extra args to each one, as documented [here](/docs/admin/kubeadm#custom-args). | ||
`--apiserver-advertise-address=<ip-address>` argument to `kubeadm init`. To deploy an IPv6 Kubernetes cluster using IPv6 addressing, you must specify an IPv6, e.g. `--apiserver-advertise-address=fd00::101` | ||
- If you would like to customise control plane components including optional IPv6 assignment to liveness probe for control plane components and etcd server, you can do so by providing extra args to each one, as documented [here](/docs/admin/kubeadm#custom-args). | ||
- `kubeadm init` will first run a series of prechecks to ensure that the machine | ||
is ready to run Kubernetes. It will expose warnings and exit on errors. It | ||
will then download and install the cluster database and control plane | ||
|
@@ -211,7 +210,7 @@ supports Container Network Interface (CNI) based networks (and does not support | |
|
||
Several projects provide Kubernetes pod networks using CNI, some of which also | ||
support [Network Policy](/docs/concepts/services-networking/networkpolicies/). See the [add-ons | ||
page](/docs/concepts/cluster-administration/addons/) for a complete list of available network add-ons. | ||
page](/docs/concepts/cluster-administration/addons/) for a complete list of available network add-ons. IPv6 support was added in [CNI v0.6.0](https://github.com/containernetworking/cni/releases/tag/v0.6.0). [CNI bridge](https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md) and [local-ipam](https://github.com/containernetworking/plugins/blob/master/plugins/ipam/host-local/README.md) are the only supported IPv6 network plugins in 1.9. | ||
|
||
**New for Kubernetes 1.6:** kubeadm 1.6 sets up a more secure cluster by | ||
default. As such it uses RBAC to grant limited privileges to workloads running | ||
|
@@ -371,6 +370,8 @@ The nodes are where your workloads (containers and pods, etc) run. To add new no | |
kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash> | ||
``` | ||
|
||
**Note:** To specify IPv6 tuple for <master-ip>:<master-port>, IPv6 address must be enclosed in square brackets, for example `[fd00::101]:2073`. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Replace with: **Note:** To specify an IPv6 tuple for <master-ip>:<master-port>, IPv6 address must be enclosed in square brackets, for example: `[fd00::101]:2073`.
{: .note} |
||
|
||
The output should look something like: | ||
|
||
``` | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know really if this needs to be said; the user shouldn't have to care about this, right?