From 4c40657efa0302135d45c2cc441d73bddf3410ce Mon Sep 17 00:00:00 2001
From: Egor Vasilyev
Date: Mon, 4 Dec 2023 11:26:42 +0300
Subject: [PATCH] fix: explicitly set bind-address for scheduler and controller-manager (#63)
---
 defaults/main.yml | 19 ++++++++++++++++++-
 molecule/end-to-end/molecule.yml | 6 ++++++
 molecule/end-to-end/verify.yml | 12 ++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index e8960f3..fb58be7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -44,6 +44,19 @@ k8s_cluster_cluster_configuration:
 # In a cluster with more than one control plane instances, this field should be assigned
 # the address of the external load balancer in front of the control plane instances
 controlPlaneEndpoint: "{{ hostvars[inventory_hostname]['ansible_facts']['default_ipv4']['address'] }}:6443"
+ # controller-manager and scheduler listen 127.0.0.1 address and respective port by default.
+ # it could be a problem if you are going to deploy monitoring stack because it would be
+ # scrapping : (node_ip - because those manifests have 'hostNetwork: true')
+ #
+ # read more about kube-controller-manager options:
+ # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/
+ controllerManager:
+ extraArgs:
+ bind-address: "0.0.0.0"
+ # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/
+ scheduler:
+ extraArgs:
+ bind-address: "0.0.0.0"
 # https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
 k8s_cluster_kubelet_configuration:
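Review bot: The new `controllerManager` and `scheduler` `extraArgs` make `bind-address: "0.0.0.0"` the role default, so every cluster built from these defaults serves kube-controller-manager and kube-scheduler on all interfaces of each control-plane node, whether or not a metrics scraper is deployed; the molecule/end-to-end/molecule.yml hunk repeats the same values. The comment block should state that trade-off and how to narrow it, for example `# NOTE: listens on every interface; restrict the serving ports with a host firewall or override bind-address with a specific address`. The two reference links are also swapped: the kube-scheduler URL sits above `controllerManager:` and the kube-controller-manager URL above `scheduler:`. The `scrapping : (node_ip` line reads as if its address and port placeholders were lost, at least in this rendering.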
@@ -51,7 +64,11 @@ k8s_cluster_kubelet_configuration:
 failSwapOn: false
 # https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
-k8s_cluster_kubeproxy_configuration: ""
+k8s_cluster_kubeproxy_configuration:
+ # monitoring tools can't scrape default bind address (127.0.0.1:10249)
+ # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#kubeproxy
+ # https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
+ metricsBindAddress: "0.0.0.0:10249"
 # https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/#kubeadm-k8s-io-v1beta3-JoinConfiguration
 #
diff --git a/molecule/end-to-end/molecule.yml b/molecule/end-to-end/molecule.yml
index 10de7a7..8a9fae0 100644
--- a/molecule/end-to-end/molecule.yml
+++ b/molecule/end-to-end/molecule.yml
@@ -108,6 +108,12 @@ provisioner:
 dnsDomain: cluster.local
 kubernetesVersion: "{{ k8s_cluster_kubernetes_version }}"
 controlPlaneEndpoint: "{{ k8s_cluster_control_plane_endpoint }}:6443"
+ controllerManager:
+ extraArgs:
+ bind-address: "0.0.0.0"
+ scheduler:
+ extraArgs:
+ bind-address: "0.0.0.0"
 # custom networking
 k8s_cluster_flannel_apply: ""
 k8s_cluster_custom_networking_tasks_path: "network/custom-networking.yml"
diff --git a/molecule/end-to-end/verify.yml b/molecule/end-to-end/verify.yml
index 83ea296..28a864a 100644
--- a/molecule/end-to-end/verify.yml
+++ b/molecule/end-to-end/verify.yml
@@ -7,3 +7,15 @@
 - name: Include verify common
 ansible.builtin.include_tasks:
 file: ../verify-common.yml
+
+ - name: Netstat output
+ block:
+ - name: Run netstat
+ ansible.builtin.shell: |
+ netstat -tulpn
+ register: netstat
+ changed_when: false
+
+ - name: Netstat debug
+ ansible.builtin.debug:
+ var: netstat
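Review bot: In the defaults/main.yml hunk at `@@ -51,7 +64,11 @@`, `metricsBindAddress: "0.0.0.0:10249"` puts the kube-proxy metrics listener on every interface of every node that runs kube-proxy, and it becomes the default for all users of the role rather than an opt-in. As far as I know that listener is plain HTTP with no authentication, so the comment should say so next to the value, for example `# NOTE: unauthenticated HTTP on all interfaces; allow 10249 only from the monitoring hosts at the network level`. The default also changes type from an empty string to a mapping; any task that tests `k8s_cluster_kubeproxy_configuration` for emptiness lies outside this hunk and is worth rechecking.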
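Review bot: In molecule/end-to-end/verify.yml the added `Netstat output` block only prints the listener table, so the scenario passes whether or not the new bind addresses took effect. Following `Netstat debug` with an `ansible.builtin.assert` whose `that:` checks `netstat.stdout` for the expected address and port pairs would turn it into a regression check on which sockets the role exposes. `ansible.builtin.command: netstat -tulpn` is enough for `Run netstat`, since nothing in the command needs a shell. The task also presumably depends on net-tools being present on the test image.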