Hi, Team,
I'm building 3 master + 3 slave CoreOS k8s on AWS, following the guide here:
https://coreos.com/kubernetes/docs/latest/deploy-master.html#set-up-the-kube-apiserver-pod
I noticed this line.
"
High-availability is achieved by repeating these instructions for each 
master node. Each of the master components is safe to run on multiple nodes.
"
But to create an AWS ELB with a health check on "HTTP:8080/healthz", I need to 
change the livenessProbe to be on host: 0.0.0.0, but that failed, 
because port 8080 is still on 127.0.0.1 ($ netstat -anp|grep 8080)
livenessProbe:
  httpGet:
    host: 0.0.0.0
    port: 8080
    path: /healthz
So my AWS ELB always shows: 0 of 3 instances in service

What have I missed here? And what's your recommended way to set up an AWS ELB 
for master nodes in the official "CoreOS + Kubernetes Step By Step"? Can 
you elaborate on its corresponding HA guide? Thanks!

FYI, 
$ curl  http://127.0.0.1:8080/healthz
ok


vi /etc/kubernetes/manifests/kube-apiserver.yaml
--------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: quay.io/coreos/hyperkube:v1.6.4_coreos.0
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    - --etcd-servers=http://10.3.0.11:2379,http://10.3.0.12:2379,http://10.3.0.13:2379
    - --allow-privileged=true
    - --service-cluster-ip-range=10.3.0.0/24
    - --secure-port=443
    - --advertise-address=10.3.0.11
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --runtime-config=extensions/v1beta1/networkpolicies=true
    - --anonymous-auth=false
    livenessProbe:
      httpGet:
        host: 0.0.0.0
        port: 8080
        path: /healthz
      initialDelaySeconds: 15
      timeoutSeconds: 15
    ports:
    - containerPort: 443
      hostPort: 443
      name: https
    - containerPort: 8080
      hostPort: 8080
      name: local
    volumeMounts:
    - mountPath: /etc/kubernetes/ssl
      name: ssl-certs-kubernetes
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/ssl
    name: ssl-certs-kubernetes
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
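
Added example, not part of the original post: a small check that works out which addresses the two kube-apiserver listeners bind to from the manifest's flags and evaluates a classic ELB health-check target against them. It assumes kube-apiserver's defaults of that era (--insecure-bind-address=127.0.0.1, --insecure-port=8080, --bind-address=0.0.0.0, --secure-port=6443); the function names and the abbreviated flag list are constructed for illustration. The livenessProbe host field only tells the kubelet where to connect and does not change what the apiserver binds to.

```python
# Added example: evaluate an ELB health-check target against apiserver flags.
# DEFAULTS are kube-apiserver's own defaults (assumed for the v1.6 era);
# all helper names here are hypothetical.
import ipaddress

DEFAULTS = {
    "bind-address": "0.0.0.0",
    "secure-port": "6443",
    "insecure-bind-address": "127.0.0.1",
    "insecure-port": "8080",
}

def parse_flags(command):
    """Turn ['--key=value', ...] into a dict layered over the defaults."""
    flags = dict(DEFAULTS)
    for arg in command:
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            flags[key] = value
    return flags

def listeners(flags):
    """Map port -> (bind address, authenticated?) for both API listeners."""
    return {
        int(flags["secure-port"]): (flags["bind-address"], True),
        int(flags["insecure-port"]): (flags["insecure-bind-address"], False),
    }

def check_elb_target(command, target):
    """Evaluate a classic ELB target such as 'HTTP:8080/healthz' or 'TCP:443'."""
    _proto, rest = target.split(":", 1)
    port = int(rest.split("/", 1)[0])
    entry = listeners(parse_flags(command)).get(port)
    if entry is None:
        return "unreachable: nothing listens on port %d" % port
    addr, authenticated = entry
    if ipaddress.ip_address(addr).is_loopback:
        return "unreachable: port %d is bound to %s (loopback only)" % (port, addr)
    if not authenticated:
        return "reachable but unsafe: port %d serves the API without authentication" % port
    return "reachable: port %d on %s (TLS, authenticated)" % (port, addr)

# Flags constructed from the manifest in the post (abbreviated).
POSTED = ["/hyperkube", "apiserver", "--bind-address=0.0.0.0",
          "--secure-port=443", "--anonymous-auth=false"]

if __name__ == "__main__":
    for t in ("HTTP:8080/healthz", "TCP:443"):
        print(t, "->", check_elb_target(POSTED, t))
```

With the posted flags the HTTP:8080 target is loopback-only, while a TCP:443 target reaches the TLS listener; moving the insecure port onto a non-loopback address would expose an unauthenticated API endpoint to the network.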
