Add or change the load balancer of a kURL cluster

The first step is to generate new certificates for each API server to include the new load balancer address in the SANs.

On the first primary:

  1. kubectl -n kube-system edit configmap kubeadm-config. Set the control plane endpoint in the ClusterConfiguration yaml to the new load balancer address and add its ip/hostname to the certSANs list.
  2. Edit /opt/replicated/kubeadm.conf to match the changes you made to the configmap.
  3. Run rm /etc/kubernetes/pki/apiserver.{crt,key}
  4. Run kubeadm init phase certs apiserver --config /opt/replicated/kubeadm.conf

Before moving on to the remaining primaries, first, generate a new bootstrap token on the first primary with kubeadm init phase bootstrap-token --config=/opt/replicated/kubeadm.conf
Then run these steps on each of the remote primaries:

  1. Edit /opt/replicated/kubeadm.conf and update the token to the one just generated on the first primary.
  2. Run rm /etc/kubernetes/pki/apiserver.{crt,key}
  3. Run kubeadm join phase control-plane-prepare certs apiserver --config=/opt/replicated/kubeadm.conf

Now it’s safe to tell all clients to use the new address:

  1. Run kubectl -n kube-system edit configmap kube-proxy and change the server to the new address.
  2. Edit /etc/kubernetes/kubelet.conf on every node, changing the server to the new address.
  3. For all primaries, also update the server in /etc/kubernetes/admin.conf, /etc/kubernetes/scheduler.conf, and /etc/kubernetes/controller-manager.conf.
1 Like

This is now supported automatically in kurl with ekco 0.6.0.