diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index b7e2cfc67b..6282de51cf 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -103,7 +103,7 @@ func APIServers(ctx context.Context, node *config.Node, proxy proxy.Proxy) []str return false, err } if len(addresses) == 0 { - logrus.Infof("Waiting for apiserver addresses") + logrus.Infof("Waiting for supervisor to provide apiserver addresses") return false, nil } return true, nil diff --git a/pkg/agent/run.go b/pkg/agent/run.go index f3342767ad..aa9f5a5ce5 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -530,20 +530,31 @@ func setupTunnelAndRunAgent(ctx context.Context, nodeConfig *daemonconfig.Node, } func waitForAPIServerAddresses(ctx context.Context, nodeConfig *daemonconfig.Node, cfg cmds.Agent, proxy proxy.Proxy) error { + var localSupervisorDefault bool + if addresses := proxy.SupervisorAddresses(); len(addresses) > 0 { + host, _, _ := net.SplitHostPort(addresses[0]) + if host == "127.0.0.1" || host == "::1" { + localSupervisorDefault = true + } + } + for { select { case <-time.After(5 * time.Second): - logrus.Info("Waiting for apiserver addresses") + logrus.Info("Waiting for control-plane node to register apiserver addresses in etcd") case addresses := <-cfg.APIAddressCh: for i, a := range addresses { host, _, err := net.SplitHostPort(a) if err == nil { addresses[i] = net.JoinHostPort(host, strconv.Itoa(nodeConfig.ServerHTTPSPort)) - if i == 0 { - proxy.SetSupervisorDefault(addresses[i]) - } } } + // If this is an etcd-only node that started up using its local supervisor, + // switch to using a control-plane node as the supervisor. Otherwise, leave the + // configured server address as the default. + if localSupervisorDefault && len(addresses) > 0 { + proxy.SetSupervisorDefault(addresses[0]) + } proxy.Update(addresses) return nil case <-ctx.Done(): diff --git a/pkg/agent/tunnel/tunnel.go b/pkg/agent/tunnel/tunnel.go index 79122c6b1f..479288e0fb 100644 --- a/pkg/agent/tunnel/tunnel.go +++ b/pkg/agent/tunnel/tunnel.go @@ -124,18 +124,33 @@ func Setup(ctx context.Context, config *daemonconfig.Node, proxy proxy.Proxy) er // The loadbalancer is only disabled when there is a local apiserver. Servers without a local // apiserver load-balance to themselves initially, then switch over to an apiserver node as soon // as we get some addresses from the code below. + var localSupervisorDefault bool + if addresses := proxy.SupervisorAddresses(); len(addresses) > 0 { + host, _, _ := net.SplitHostPort(addresses[0]) + if host == "127.0.0.1" || host == "::1" { + localSupervisorDefault = true + } + } + if proxy.IsSupervisorLBEnabled() && proxy.SupervisorURL() != "" { logrus.Info("Getting list of apiserver endpoints from server") // If not running an apiserver locally, try to get a list of apiservers from the server we're // connecting to. If that fails, fall back to querying the endpoints list from Kubernetes. This // fallback requires that the server we're joining be running an apiserver, but is the only safe // thing to do if its supervisor is down-level and can't provide us with an endpoint list. - if addresses := agentconfig.APIServers(ctx, config, proxy); len(addresses) > 0 { - proxy.SetSupervisorDefault(addresses[0]) + addresses := agentconfig.APIServers(ctx, config, proxy) + logrus.Infof("Got apiserver addresses from supervisor: %v", addresses) + + if len(addresses) > 0 { + if localSupervisorDefault { + proxy.SetSupervisorDefault(addresses[0]) + } proxy.Update(addresses) } else { if endpoint, _ := client.CoreV1().Endpoints(metav1.NamespaceDefault).Get(ctx, "kubernetes", metav1.GetOptions{}); endpoint != nil { - if addresses := util.GetAddresses(endpoint); len(addresses) > 0 { + addresses = util.GetAddresses(endpoint) + logrus.Infof("Got apiserver addresses from kubernetes endpoints: %v", addresses) + if len(addresses) > 0 { proxy.Update(addresses) } }