Skip to content

Changing "bind-address" of kube-api #957

New issue
New issue
Closed
#3824
Closed
Changing "bind-address" of kube-api#957
#3824

Description

@gakio12

gakio12
openedon Jun 3, 2021

I have systems with multiple network interfaces and I would like to initialize the cluster on only one of the interfaces, say 192.168.1.1.

TLDR

Adding spec.api.extraArgs.bind-address = 192.168.1.1 (and adding to sans) in k0s config successfully causes the kube-api server to only bind on 192.168.1.1. However, when changing the /var/lib/k0s/pki/admin.confs clusters[0].cluster.server = https://192.168.1.1:6443, k0s token create --role=worker results in a TLS handshake timeout.

The rest

This issue is more a question of how to configure k0s to achieve what I am looking to do. I don't want the kube-api server listening on every interface in this case, but changing the bind-address breaks being able to access the cluster. I know it is a certificate issue, I'm just not sure where.

Here is the relevant section in my k0s.yaml file:

spec:
  api:
    address: 192.168.1.1
    port: 6443
    k0sApiPort: 9443
    externalAddress: 192.168.1.1
    extraArgs:
      bind-address: 192.168.1.1
    sans:
    - 192.168.1.1

For context, this is a single node control plane cluster that manages airgapped nodes that are behind a specific network interface.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    area/configurationarea/controlplaneenhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions