I'm a newbie when it comes to Kubernetes, and the thing I am struggling to understand is the network address that I pass into the command kubeadm init --apiserver-advertise-address=$ip if I have two networks, a public and a private one. If I add the private one I can't connect to the proxy, although I feel that if I add the public one, Kubernetes itself is exposed, and that is a problematic solution for security. Not only that, I also can't seem to expose services to the public address.
I did try to SSH tunnel to the proxy; it works, but the Kubernetes dashboard seems to give me a context error.
I essentially want the node to node communication on the private network.
Thanks for any advice in advance. Jamie
The --apiserver-advertise-address is the IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. By default, it is the private IP of your master node where you're running kubeadm init. Also, it can be an L4 load balancer IP address, if your apiserver is behind the load balancer (this generally happens in a multi-master setup).
The other thing you talk about is node-to-node communication inside the Kubernetes cluster, and that happens through the CNI network. There are multiple CNI networks available from which you can choose; I recommend weave or calico, both are quite stable.
For better understanding you can read:
https://chrislovecnm.com/kubernetes/cni/choosing-a-cni-provider/
To kick start with cluster creation, there is nothing better than the Kubernetes official doc:
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
Hope this helps.
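
An added example, not part of the original question or answer: one way to make sure the address handed to --apiserver-advertise-address is the private one on a host that also has a public interface. It assumes the private network uses RFC 1918 IPv4 ranges and that iproute2's ip command is available; the function names and the sample interface listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output for a host with a public
# and a private interface (203.0.113.0/24 is a documentation range).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1\       valid_lft forever preferred_lft forever'

# is_private ADDR (hypothetical helper): succeed if ADDR is in an RFC 1918 range.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# pick_private_addr (hypothetical helper): read `ip -o -4 addr show` lines on
# stdin and print the first private IPv4 address; return 1 if there is none.
pick_private_addr() {
    while read -r _idx _ifname _family cidr _rest; do
        addr=${cidr%/*}              # strip the /prefix length
        if is_private "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# build_init_cmd (hypothetical helper): print the kubeadm command for the
# selected address, or fail rather than fall back to a public address.
build_init_cmd() {
    ip_addr=$(pick_private_addr) || {
        echo "no private IPv4 address found; not advertising" >&2
        return 1
    }
    printf 'kubeadm init --apiserver-advertise-address=%s\n' "$ip_addr"
}

# On a real host: ip -o -4 addr show | build_init_cmd
printf '%s\n' "$SAMPLE_ADDRS" | build_init_cmd
```

The script only prints the command so it can be reviewed before it is run on the master node.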