Hi, Team,
I'm building 3 master + 3 slave CoreOS k8s on AWS, following the guide here:
https://coreos.com/kubernetes/docs/latest/deploy-master.html#set-up-the-kube-apiserver-pod
I noticed this line:
"
High-availability is achieved by repeating these instructions for each
master node. Each of the master components is safe to run on multiple
nodes.
"
But to create an AWS ELB with a health check on "HTTP:8080/healthz", I need to change the livenessProbe to be on host: 0.0.0.0, but that failed,
because port 8080 is still on 127.0.0.1 ($ netstat -anp|grep 8080)
    livenessProbe:
      httpGet:
        host: 0.0.0.0
        port: 8080
        path: /healthz
So my AWS ELB always shows: 0 of 3 instances in service
What have I missed here? And what's your recommended way to set up an AWS ELB
for master nodes in the official "CoreOS + Kubernetes Step By Step"? Can
you elaborate on its corresponding HA guide? Thanks!
FYI,
$ curl http://127.0.0.1:8080/healthz
ok
$ vi /etc/kubernetes/manifests/kube-apiserver.yaml
--------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: quay.io/coreos/hyperkube:v1.6.4_coreos.0
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    - --etcd-servers=http://10.3.0.11:2379,http://10.3.0.12:2379,http://10.3.0.13:2379
    - --allow-privileged=true
    - --service-cluster-ip-range=10.3.0.0/24
    - --secure-port=443
    - --advertise-address=10.3.0.11
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --runtime-config=extensions/v1beta1/networkpolicies=true
    - --anonymous-auth=false
    livenessProbe:
      httpGet:
        host: 0.0.0.0
        port: 8080
        path: /healthz
      initialDelaySeconds: 15
      timeoutSeconds: 15
    ports:
    - containerPort: 443
      hostPort: 443
      name: https
    - containerPort: 8080
      hostPort: 8080
      name: local
    volumeMounts:
    - mountPath: /etc/kubernetes/ssl
      name: ssl-certs-kubernetes
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/ssl
    name: ssl-certs-kubernetes
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
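
An added example (not part of the original post and not code from the CoreOS guide): a small Python check that derives the apiserver's listeners from its command flags, showing that the bind address of port 8080 comes from those flags and not from the livenessProbe block. It assumes the upstream kube-apiserver defaults (insecure port 8080 on 127.0.0.1, served without authentication or authorization); the helper names `parse_flags`, `listeners` and `findings` are hypothetical.

```python
import ipaddress

# Upstream kube-apiserver defaults for this release line (an assumption; the post does not state them).
DEFAULTS = {"bind-address": "0.0.0.0", "secure-port": "6443",
            "insecure-bind-address": "127.0.0.1", "insecure-port": "8080"}

# Constructed sample: listener-related entries copied from the manifest's command list.
MANIFEST_FLAGS = """
- /hyperkube
- apiserver
- --bind-address=0.0.0.0
- --secure-port=443
- --anonymous-auth=false
"""

def parse_flags(text):
    """Collect --name=value entries from a YAML command list."""
    flags = {}
    for line in text.splitlines():
        item = line.strip()
        if item.startswith("- "):
            item = item[2:].strip()
        if item.startswith("--") and "=" in item:
            name, value = item[2:].split("=", 1)
            flags[name] = value
    return flags

def listeners(flags):
    """Return the sockets the apiserver opens; the livenessProbe block plays no part."""
    cfg = {**DEFAULTS, **flags}
    found = []
    for kind, addr_key, port_key in (("secure", "bind-address", "secure-port"),
                                     ("insecure", "insecure-bind-address", "insecure-port")):
        port = int(cfg[port_key])
        if port == 0:  # port 0 turns that listener off
            continue
        off_host = not ipaddress.ip_address(cfg[addr_key]).is_loopback
        found.append({"kind": kind, "addr": cfg[addr_key], "port": port, "off_host": off_host})
    return found

def findings(flags):
    """Report an unauthenticated listener that other hosts can reach."""
    return [f"insecure port {l['port']} on {l['addr']} is reachable off-host without authn/authz"
            for l in listeners(flags) if l["kind"] == "insecure" and l["off_host"]]

if __name__ == "__main__":
    for l in listeners(parse_flags(MANIFEST_FLAGS)):
        print(l)
    print(findings(parse_flags(MANIFEST_FLAGS)) or "no exposed insecure listener")
```

With the flags as posted, the only listener reachable from another host is the secure port 443, which matches the netstat observation that 8080 stays on 127.0.0.1.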