From cb9abd8b320637fc471f79f78fb44aa0cd653781 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Wed, 20 Mar 2024 14:21:52 +0000
Subject: [PATCH] Support for exposing Kubernetes API server - using inventory
 variables

---
 cesnet-mcc/inventory/99-all.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/cesnet-mcc/inventory/99-all.yaml b/cesnet-mcc/inventory/99-all.yaml
index 9c872de..00b3798 100644
--- a/cesnet-mcc/inventory/99-all.yaml
+++ b/cesnet-mcc/inventory/99-all.yaml
@@ -15,3 +15,23 @@ all:
 
     gateway_hostname: gateway-cesnet.eosc.zcu.cz
     grafana_hostname: grafana-cesnet.eosc.zcu.cz
+    kubeapi_hostname: kubeapi-cesnet.eosc.zcu.cz
+
+    #
+    # When Kubernetes API needs to be exposed, for example:
+    #
+    # pod="$(kubectl get pod -n kube-system -l component=kube-apiserver -oname)"
+    # kubectl -n kube-system expose "$pod" --name=apiserver --port 6443 --external-ip=INGRESS_LOCAL_IP
+    #
+    kube_public_dns_name: "{{ kubeapi_hostname | default ('') }}"
+
+    # hack to add public IP to certSANs in API server in grycap.kubernetes
+    IM_NODE_PUBLIC_IP: "{{ groups['fip'][0] }}"
+
+    #
+    # Alternativelly, steps for manual update of the API server certificate:
+    #
+    # rm -fv /etc/kubernetes/pki/apiserver.*
+    # kubeadm init phase certs all --apiserver-advertise-address=0.0.0.0 --apiserver-cert-extra-sans=10.96.0.1,MASTER_LOCAL_IP,KUBEAPI_HOSTNAME
+    # service kubelet restart
+    #
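Review bot: `IM_NODE_PUBLIC_IP` indexes `groups['fip'][0]` with no fallback, so templating will fail on any inventory where the `fip` group is missing or empty, whereas `kube_public_dns_name` a few lines above is guarded with `default`. A guarded form such as `IM_NODE_PUBLIC_IP: "{{ groups['fip'] | default([]) | first | default('') }}"` would avoid the hard failure, though whether grycap.kubernetes tolerates an empty value in certSANs needs checking. The comment that shows `kubectl ... expose ... --port 6443 --external-ip=...` makes the API server reachable from outside the cluster without saying who should be able to reach it. I would add a line there such as `# Limit access to port 6443 (firewall / security group) and check that anonymous API access is disabled before exposing.` The "hack" comment would also be more useful if it said which grycap.kubernetes behaviour it relies on, so it can be dropped once the role supports extra SANs directly.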
-- 
GitLab