From dcd1608faaaaa9b03bd7ba52f85c714e77a0e3a9 Mon Sep 17 00:00:00 2001 From: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com> Date: Tue, 17 Oct 2023 09:45:00 +0200 Subject: [PATCH] [external-lb]: kubelet.conf server address and kube-proxy api-server address fix (#10490) * [external-lb-kubeconfig]: fix server address in worker kubelet.conf Signed-off-by: Ugur Ozturk * [external-lb-kubeconfig]: fix server address in kube-proxy Signed-off-by: Furkan Pehlivan --------- Signed-off-by: Ugur Ozturk Signed-off-by: Furkan Pehlivan Co-authored-by: Furkan Pehlivan --- roles/kubernetes/kubeadm/tasks/main.yml | 31 +++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 290eca39dbf..4a65dbbc9da 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -129,6 +129,17 @@ - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") notify: Kubeadm | restart kubelet +- name: Update server field in kubelet kubeconfig - external lb + lineinfile: + dest: "{{ kube_config_dir }}/kubelet.conf" + regexp: '^ server: https' + line: ' server: {{ kube_apiserver_endpoint }}' + backup: yes + when: + - not is_kube_master + - loadbalancer_apiserver is defined + notify: Kubeadm | restart kubelet + # FIXME(mattymo): Need to point to localhost, otherwise masters will all point # incorrectly to first master, creating SPoF. - name: Update server field in kube-proxy kubeconfig 
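Review bot: `backup: yes` on the new kubelet.conf task leaves a timestamped copy of the node's kubeconfig in `{{ kube_config_dir }}` each time the line is rewritten, and nothing in this hunk removes those copies or checks their mode. Depending on how the node was joined, that file may embed or reference the kubelet's client credentials, so stale copies are worth avoiding. I would set `backup: false` or add a cleanup step, and if the option stays, write the boolean as `true` rather than `yes`. The task is gated only on `loadbalancer_apiserver is defined`, while the context task above it (which starts outside the hunk) compares `kubeadm_discovery_address` with the endpoint; a comment such as `# external LB: always pin the kubelet to kube_apiserver_endpoint` would show the overlap is intended.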
@@ -149,6 +160,22 @@ tags: - kube-proxy +- name: Update server field in kube-proxy kubeconfig - external lb + shell: >- + set -o pipefail && {{ kubectl }} get configmap kube-proxy -n kube-system -o yaml + | sed 's#server:.*#server: {{kube_apiserver_endpoint}}#g' + | {{ kubectl }} replace -f - + args: + executable: /bin/bash + run_once: true + delegate_to: "{{ groups['kube_control_plane'] | first }}" + delegate_facts: false + when: + - kube_proxy_deployed + - loadbalancer_apiserver is defined + tags: + - kube-proxy + - name: Set ca.crt file permission file: path: "{{ kube_cert_dir }}/ca.crt" @@ -162,8 +189,8 @@ delegate_to: "{{ groups['kube_control_plane'] | first }}" delegate_facts: false when: - - kubeadm_config_api_fqdn is not defined - - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") + - kubeadm_config_api_fqdn is not defined or loadbalancer_apiserver is defined + - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") or loadbalancer_apiserver is defined - kube_proxy_deployed tags: - kube-proxy
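Review bot: The `sed 's#server:.*#…#g'` expression in the new shell task is unanchored, so it rewrites every line of the dumped ConfigMap that contains `server:`, metadata and annotations included, not only the cluster entry of the embedded kubeconfig. Anchoring it to the key, for example `| sed -E 's#^([[:space:]]*server:).*#\1 {{ kube_apiserver_endpoint }}#'`, limits the edit to lines whose key is exactly `server`. The endpoint is also interpolated raw into the sed program, so a `#` or `&` in the inventory value would silently change the substitution. The task has no `changed_when`, so it reports changed and replaces the ConfigMap on every run.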
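Review bot: With `or loadbalancer_apiserver is defined` appended to both conditions, this task is no longer gated on any difference between the discovery address and the endpoint. On an external-LB cluster it runs on every play as long as `kube_proxy_deployed` holds. The task's name and command are above the hunk, but if it is the kube-proxy pod restart, as the `kube-proxy` tag suggests, every run would disrupt kube-proxy across the cluster even when the ConfigMap did not change. Consider registering the ConfigMap update and gating on it, e.g. `- kube_proxy_cm_update is changed` (illustrative variable name), once that task reports change accurately. The duplicated `or` clause would also read better as one condition with a comment explaining why the LB case bypasses both checks.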