Re: node ip addresses change

Tue, 28 Aug 2018 04:06:02 -0700 

Hi Tim, 

In master certificates the Subject Alternative Name includes some IP
addresses like internal balancer. 

In etcd certificates the Subject Alternative Name also includes its own
addresses. 

Masters cannot change their IP addresses (not easily). 

Nodes also have certificates where their own address is and there is a
virtual network software that all nodes (masters are also nodes) use to
allow pods communication. I think that connections are also done using
the ip address instead dns name. I am not sure about this point. 

The most secure and easy way to change the node address is to remove it
from the cluster and add it using the procedures described here:
https://docs.okd.io/3.9/admin_guide/manage_nodes.html#adding-nodes 

Jose Manuel 

-- 

Jose Manuel Ferrer Mosteiro

Devops / Sysdev @ Paradigma Digital

   __                            _ _
  / /  _ __   __ _ _ __ __ _  __| (_) __ _ _ __ ___   __ _
 | |  | '_ \ / _` | '__/ _` |/ _` | |/ _` | '_ ` _ \ / _` |
< <   | |_) | (_| | | | (_| | (_| | | (_| | | | | | | (_| |
 | |  | .__/ \__,_|_|  \__,_|\__,_|_|\__, |_| |_| |_|\__,_|
  \_\ |_|                            |___/

http://www.paradigmadigital.com/
Vía de las dos Castillas, 33, Ática 4, 2ª Planta
28224 Pozuelo de Alarcón, Madrid
Tel: 91 352 59 42 // @paradigmate 

El 2018-08-28 12:36, Tim Dudgeon escribió:

> I've got a situation where the IP addresses of the nodes in an openshift 
> origin 3.9 cluster are going to change and am trying to work out what impact 
> this will have. Of course the DNS will be updated to reflect the changes, and 
> the ansible inventory file only uses hostnames, not IP addresses.
> 
> However, looking that the /etc/origin/master/master-config.yaml I see an 
> entry like this:
> masterIP: 172.20.0.16
> 
> And on the nodes in the /etc/origin/node/node-config.yaml I see this:
> dnsIP: 172.20.0.16
> 
> So this suggests that the IP addresses are significant in some aspects.
> Are there other places where the IP addresses will need to be changed?
> Should it work to just update those IP addresses and restart the services?
> 
> Thanks
> Tim
> 
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to