docs: apply suggestions from code review

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
kubernetes-sigs · Aug 29, 2022 · c424d7e · c424d7e
1 parent bcbe249
commit c424d7e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/vars.md b/docs/vars.md
@@ -206,14 +206,14 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 
 * *kubelet_systemd_hardening* - If `true`, provides kubelet systemd service with security features for isolation.
 
-  **N.B.** To enable this feature, ensure you are using **`cgroup v2`** on your system. Check it out with command: `sudo ls -l /sys/fs/cgroup/*.slice`. If directory does not exists, enable this with the following guide: [enable cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2).
+  **N.B.** To enable this feature, ensure you are using the **`cgroup v2`** on your system. Check it out with command: `sudo ls -l /sys/fs/cgroup/*.slice`. If directory does not exists, enable this with the following guide: [enable cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2).
 
   * *kubelet_secure_address* - By default *kubelet_systemd_hardening* set the **control plane** `ansible_host` IPs as the `kubelet_secure_address`. In case you have multiple interfaces in your control plane nodes and the `kube-apiserver` is not bound to the default interface, you can override them with this variable.
     Example:
 
-    The **control plane** node have 2 interfaces with the following IP addresses: `10.0.0.110`, `192.168.1.110`.
+    The **control plane** node may have 2 interfaces with the following IP addresses: `eth0:10.0.0.110`, `eth1:192.168.1.110`.
 
-    By default the `kubelet_secure_address` is set with the `10.0.0.110` because it is the address used by ansible to connect to the machine. In case you set the `kube-apiserver` to listen to `192.168.1.110`, then you can override the variable in this way: `kubelet_secure_address: "192.168.1.110"`.
+    By default the `kubelet_secure_address` is set with the `10.0.0.110` the ansible control host uses `eth0` to  connect to the machine. In case you want to use `eth1` as the outgoing interface on which `kube-apiserver` connects to the `kubelet`s, you should override the variable in this way: `kubelet_secure_address: "192.168.1.110"`.
 
 * *node_labels* - Labels applied to nodes via kubelet --node-labels parameter.
   For example, labels can be set in the inventory as variables or more widely in group_vars.