Configure host interfaces used by MicroK8s

By default, MicroK8s will use the default host interface for all control plane (e.g. kube-apiserver) and data plane (e.g. Calico vxlan network) services. For most use cases this is sufficient and no further configuration or understanding of the components of Kubernetes is necessary.

For production deployments with multiple interfaces or designated VLANs, cluster administrators may want to configure which specific host interfaces are in use by MicroK8s. This is achieved by editing the runtime arguments for the services (as discussed more fully in the documentation on configuring services).

NOTE: For the rest of this document, we will use the term default interface to refer to the host interface that includes a default gateway route.

Control Plane

This section explains how to configure the host interfaces used by Kubernetes control plane services.

kube-apiserver

By default, kube-apiserver will bind to all host interfaces and advertise the default interface. You can configure it by editing /var/snap/microk8s/current/args/kube-apiserver and setting the following arguments:

# /var/snap/microk8s/current/args/kube-apiserver
--advertise-address=10.10.10.10
--bind-address=0.0.0.0
--secure-port=16443

Apply the changes with:

sudo snap restart microk8s

NOTE: MicroK8s assumes that kube-apiserver is accessible from the local interface 127.0.0.1 for some of its default configuration. If you change the bind-address, you may want to update the address of the apiserver in the kubeconfig files in /var/snap/microk8s/current/credentials accordingly.

kube-controller-manager

By default, kube-controller-manager binds to the default host interface. You can configure it by editing /var/snap/microk8s/current/args/kube-controller-manager and setting the following arguments:

# /var/snap/microk8s/current/args/kube-controller-manager
--bind-address=0.0.0.0
--secure-port=10257

Apply the changes with:

sudo snap restart microk8s

NOTE: The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.

kube-scheduler

By default, kube-scheduler binds to the default host interface. You can configure it by editing /var/snap/microk8s/current/args/kube-scheduler and setting the following arguments:

# /var/snap/microk8s/current/args/kube-scheduler
--bind-address=0.0.0.0
--secure-port=10259

Apply the changes with:

sudo snap restart microk8s

NOTE: The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.

kube-proxy

By default, kube-proxy binds to localhost for its health endpoint, and binds NodePort services to all host interfaces. You can configure it by editing /var/snap/microk8s/current/args/kube-proxy and setting the following arguments:

# /var/snap/microk8s/current/args/kube-proxy
--bind-address=0.0.0.0
--healthz-bind-address=127.0.0.1

Apply the changes with:

sudo snap restart microk8s

kubelet

By default, kubelet binds to all host interfaces and advertises the default host interface. You can configure it by editing /var/snap/microk8s/current/args/kubelet and setting the following arguments:

# /var/snap/microk8s/current/args/kubelet
--address=0.0.0.0
--node-ip=10.10.10.10
--healthz-bind-address=127.0.0.1

Apply the changes with:

sudo snap restart microk8s

NOTE: The address must be reachable by the rest of the cluster.

NOTE: The address set in --node-ip is used as the InternalIP of the node, as shown in microk8s kubectl get node -o wide.

dqlite

By default, dqlite will bind to localhost (127.0.0.1). When forming a MicroK8s cluster, dqlite will be updated to use the address that was used in the microk8s join command.

Data Plane

This section covers the configuration of services related to the data plane.

Calico VXLAN interface

Calico is the default CNI for MicroK8s, and VXLAN overlay networks are used to configure pod networking. By default, Calico uses the default host interface for pod networking (IP_AUTODETECTION_METHOD=first-found). When forming a MicroK8s cluster, Calico is updated to use the address that was used in the microk8s join command (IP_AUTODETECTION_METHOD=can-reach=10.10.10.10). You can configure it by editing /var/snap/microk8s/current/args/cni-network/cni.yaml and setting the following configuration parameters:

     - name: IP_AUTODETECTION_METHOD
       value: "first-found"

Apply the changes with:

microk8s kubectl apply -f /var/snap/microk8s/current/args/cni-network/cni.yaml

NodePort services

By default, kube-proxy will bind NodePort services to all host interfaces. This can be configured by editing /var/snap/microk8s/current/args/kube-proxy and setting the following arguments:

--nodeport-addresses=10.10.10.10

Apply the changes with:

sudo snap restart microk8s
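
To review which of the listen-address flags covered above end up on every host interface, the following script reads the args files and classifies each value. It is an added example, not part of the MicroK8s documentation or project; the function names are hypothetical, the sample files are constructed from the values on this page, and the "unset" defaults it reports are the ones this page states.

```shell
#!/bin/sh
# Added example: classify the listen-address flags discussed on this page.
# Function names are hypothetical; sample files below are constructed.

# Flags this page says mean "all host interfaces" when left unset.
WILDCARD_DEFAULTS='kube-apiserver:bind-address kubelet:address kube-proxy:nodeport-addresses'

# classify VALUE -> all-interfaces | loopback | specific
classify() {
  case "$1" in
    0.0.0.0|::|'[::]'|0.0.0.0/0|::/0) echo all-interfaces ;;
    127.*|::1|localhost)              echo loopback ;;
    *)                                echo specific ;;
  esac
}

# audit_bind_args [DIR] -> one "service flag value class" line per finding.
audit_bind_args() {
  dir=${1:-/var/snap/microk8s/current/args}
  for svc in kube-apiserver kube-controller-manager kube-scheduler kube-proxy kubelet; do
    [ -r "$dir/$svc" ] || continue
    # Reduce "--flag=value" or "--flag value" lines to "flag value".
    flags=$(sed -n 's/^[[:space:]]*--\([a-z-]*\)[= ][= ]*"\{0,1\}\([^" ]*\).*/\1 \2/p' "$dir/$svc")
    printf '%s\n' "$flags" | while read -r flag value; do
      case "$flag" in
        bind-address|address|healthz-bind-address|nodeport-addresses)
          echo "$svc $flag $value $(classify "$value")" ;;
      esac
    done
    # Report address flags that are absent but default to every interface.
    for d in $WILDCARD_DEFAULTS; do
      [ "${d%%:*}" = "$svc" ] || continue
      printf '%s\n' "$flags" | grep -q "^${d#*:} " ||
        echo "$svc ${d#*:} (unset) all-interfaces"
    done
  done
}

# write_sample DIR: constructed args files using the values shown on this page.
write_sample() {
  printf '%s\n' '--advertise-address=10.10.10.10' '--secure-port=16443' > "$1/kube-apiserver"
  printf '%s\n' '--bind-address=0.0.0.0' '--healthz-bind-address=127.0.0.1' \
    '--nodeport-addresses=10.10.10.10' > "$1/kube-proxy"
  printf '%s\n' '--address=0.0.0.0' '--node-ip=10.10.10.10' > "$1/kubelet"
}

# Usage: audit_bind_args            (real node)
#        d=$(mktemp -d); write_sample "$d"; audit_bind_args "$d"
```

Lines ending in all-interfaces are the ones to compare against the intended interface or VLAN layout before restarting MicroK8s.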
