use cluster internal endpoint for kubeadm control plane

kajal-jotwani · kajal-jotwani · commit 175fa5705b3b · 2026-02-17T00:53:06.000+05:30
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -97,7 +97,7 @@ featureGates:
 {%   endfor %}
 {% endif %}
 kubernetesVersion: v{{ kube_version }}
-controlPlaneEndpoint: "{{ _kube_apiserver_endpoint | urlsplit('netloc') }}"
+controlPlaneEndpoint: "{{ _kube_apiserver_cluster_internal_endpoint | urlsplit('netloc') }}"
 certificatesDir: {{ kube_cert_dir }}
 imageRepository: {{ kubeadm_image_repo }}
 apiServer:
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
@@ -116,7 +116,7 @@ featureGates:
 {%   endfor %}
 {% endif %}
 kubernetesVersion: v{{ kube_version }}
-controlPlaneEndpoint: "{{ _kube_apiserver_endpoint | urlsplit('netloc') }}"
+controlPlaneEndpoint: "{{ _kube_apiserver_cluster_internal_endpoint | urlsplit('netloc') }}"
 certificatesDir: {{ kube_cert_dir }}
 imageRepository: {{ kubeadm_image_repo }}
 apiServer:
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2
@@ -6,7 +6,13 @@ discovery:
     kubeConfigPath: {{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml
 {% else %}
   bootstrapToken:
+{% set _join_host = _kube_apiserver_endpoint | urlsplit('hostname') %}
+{% set _join_port = _kube_apiserver_endpoint | urlsplit('port') | default(kube_apiserver_port) %}
+{% if inventory_hostname != groups['kube_control_plane'][0] and _join_host in ['127.0.0.1', 'localhost', '::1'] %}
+    apiServerEndpoint: "{{ (first_kube_control_plane_address | ansible.utils.ipwrap) }}:{{ _join_port }}"
+{% else %}
     apiServerEndpoint: "{{ _kube_apiserver_endpoint | urlsplit('netloc') }}"
+{% endif %}
     token: {{ kubeadm_token }}
     unsafeSkipCAVerification: true
 {% endif %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2
@@ -7,7 +7,13 @@ discovery:
     kubeConfigPath: {{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml
 {% else %}
   bootstrapToken:
+{% set _join_host = _kube_apiserver_endpoint | urlsplit('hostname') %}
+{% set _join_port = _kube_apiserver_endpoint | urlsplit('port') | default(kube_apiserver_port) %}
+{% if inventory_hostname != groups['kube_control_plane'][0] and _join_host in ['127.0.0.1', 'localhost', '::1'] %}
+    apiServerEndpoint: "{{ (first_kube_control_plane_address | ansible.utils.ipwrap) }}:{{ _join_port }}"
+{% else %}
     apiServerEndpoint: "{{ _kube_apiserver_endpoint | urlsplit('netloc') }}"
+{% endif %}
     token: {{ kubeadm_token }}
 {% if ca_cert_content is defined %}
     caCertHashes:
