C12s/c12s-kubespray

Fork 0

Commit graph

Author	SHA1	Message	Date
Cristian Klein	3ac92689f0	exoscale: Rework EIP access from workers (#7337 ) Context: Load-balancing in Exoscale is performed by associating many workers with the same EIP. This works, however, the workers cannot access themselves via the EIP, which is needed at least for cert-managers "self-test". Problem: The old iptables based workaround felt fragile and disappointed me at least once. New solution: Add the EIP to a loopback interface on each worker.	2021-04-16 03:22:22 -07:00
Cristian Klein	b77460ec34	contrib/terraform/exoscale: Rework SSH public keys (#7242 ) * contrib/terraform/exoscale: Rework SSH public keys Exoscale has a few limitations with `exoscale_ssh_keypair` resources. Creating several clusters with these scripts may lead to an error like: ``` Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint ``` This patch reworks handling of SSH public keys. Specifically, we rely on the more cloud-agnostic way of configuring SSH public keys via `cloud-init`. * contrib/terraform/exoscale: terraform fmt * contrib/terraform/exoscale: Add terraform validate * contrib/terraform/exoscale: Inline public SSH keys The Terraform scripts need to install some SSH key, so that Kubespray (i.e., the "Ansible part") can take over. Initially, we pointed the Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal: Operators sharing responbility for a cluster risk unnecessarily replacing resources. Therefore, it has been determined that it's best to inline the public SSH keys. The chosen variable `ssh_public_keys` provides some uniformity with `contrib/azurerm`. * Fix Terraform Exoscale test * Fix Terraform 0.14 test	2021-02-03 07:32:28 -08:00
Fredrik Liv	404ea0270e	Added terraform support for Exoscale (#7141 ) * Added terraform support for Exoscale * Fixed markdown lint error on exoscale terraform	2021-01-22 20:37:39 -08:00

Author

SHA1

Message

Date

Cristian Klein

3ac92689f0

exoscale: Rework EIP access from workers (#7337 )

Context: Load-balancing in Exoscale is performed by associating many
workers with the same EIP. This works, however, the workers cannot access
themselves via the EIP, which is needed at least for cert-managers
"self-test".

Problem: The old iptables based workaround felt fragile and disappointed
me at least once.

New solution: Add the EIP to a loopback interface on each worker.

2021-04-16 03:22:22 -07:00

Cristian Klein

b77460ec34

contrib/terraform/exoscale: Rework SSH public keys (#7242 )

* contrib/terraform/exoscale: Rework SSH public keys

Exoscale has a few limitations with `exoscale_ssh_keypair` resources.
Creating several clusters with these scripts may lead to an error like:

```
Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint
```

This patch reworks handling of SSH public keys. Specifically, we rely on
the more cloud-agnostic way of configuring SSH public keys via
`cloud-init`.

* contrib/terraform/exoscale: terraform fmt

* contrib/terraform/exoscale: Add terraform validate

* contrib/terraform/exoscale: Inline public SSH keys

The Terraform scripts need to install some SSH key, so that Kubespray
(i.e., the "Ansible part") can take over. Initially, we pointed the
Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal:
Operators sharing responbility for a cluster risk unnecessarily replacing resources.

Therefore, it has been determined that it's best to inline the public
SSH keys. The chosen variable `ssh_public_keys` provides some uniformity
with `contrib/azurerm`.

* Fix Terraform Exoscale test

* Fix Terraform 0.14 test

2021-02-03 07:32:28 -08:00

Fredrik Liv

404ea0270e

Added terraform support for Exoscale (#7141 )

* Added terraform support for Exoscale

* Fixed markdown lint error on exoscale terraform

2021-01-22 20:37:39 -08:00

3 commits