[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: node ip addresses change



Hi Tim,

In master certificates the Subject Alternative Name includes some IP addresses like internal balancer.

In etcd certificates the Subject Alternative Name also includes its own addresses.

Masters cannot change their IP addresses (not easily).


Nodes also have certificates where their own address is and there is a virtual network software that all nodes (masters are also nodes) use to allow pods communication. I think that connections are also done using the ip address instead dns name. I am not sure about this point.


The most secure and easy way to change the node address is to remove it from the cluster and add it using the procedures described here: https://docs.okd.io/3.9/admin_guide/manage_nodes.html#adding-nodes


Jose Manuel


-- 

Jose Manuel Ferrer Mosteiro

Devops / Sysdev @ Paradigma Digital

   __                            _ _
  / /  _ __   __ _ _ __ __ _  __| (_) __ _ _ __ ___   __ _
 | |  | '_ \ / _` | '__/ _` |/ _` | |/ _` | '_ ` _ \ / _` |
< <   | |_) | (_| | | | (_| | (_| | | (_| | | | | | | (_| |
 | |  | .__/ \__,_|_|  \__,_|\__,_|_|\__, |_| |_| |_|\__,_|
  \_\ |_|                            |___/


http://www.paradigmadigital.com/
Vía de las dos Castillas, 33, Ática 4, 2ª Planta
28224 Pozuelo de Alarcón, Madrid
Tel: 91 352 59 42 // @paradigmate


El 2018-08-28 12:36, Tim Dudgeon escribió:

I've got a situation where the IP addresses of the nodes in an openshift origin 3.9 cluster are going to change and am trying to work out what impact this will have. Of course the DNS will be updated to reflect the changes, and the ansible inventory file only uses hostnames, not IP addresses.

However, looking that the /etc/origin/master/master-config.yaml I see an entry like this:
masterIP: 172.20.0.16

And on the nodes in the /etc/origin/node/node-config.yaml I see this:
dnsIP: 172.20.0.16

So this suggests that the IP addresses are significant in some aspects.
Are there other places where the IP addresses will need to be changed?
Should it work to just update those IP addresses and restart the services?

Thanks
Tim

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]