remche / terraform-openstack-rke2
Deploy Kubernetes on OpenStack with RKE2
License: Mozilla Public License 2.0
I'm testing the minimal example on OpenStack to deploy a minimal cluster on OpenStack.
The image I'm using is a CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64 and requires to log using "centos" user and to use sudo for most things.
The setup seems to loop because the code here https://github.com/remche/terraform-openstack-rke2/blob/master/kubernetes.tf#L12 does not use sudo and thus cannot see the /etc/rancher/rke2/rke2-remote.yaml which has been indeed generated.
Here is my modified main.tf:
  module "controlplane" {
    source           = "remche/rke2/openstack"
    cluster_name     = var.cluster_name
    dns_servers      = var.dns_servers
    write_kubeconfig = true
    image_name       = "CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64"
    flavor_name      = "m4.medium"
    public_net_name  = "fips_pool1"
    ssh_key_file     = "/data/id_rsa"
    boot_volume_size = 20
    boot_from_volume = true
    use_ssh_agent    = false
    system_user      = "centos"
  }
Currently RKE2 keeps the agent as NotReady:
NAME STATUS ROLES AGE VERSION
rke-cluster-blue-001 Ready <none> 65m v1.21.5+rke2r2
rke-cluster-green-001 NotReady <none> 65m v1.21.5+rke2r2
We should check that etcd is healthy before upgrading next server node.
Hello,
I'm looking into using your terraform provider, however I'm actually looking for a way to use an existing network, complete with security groups and subnets. I can't really seem to find a way to do it without forking your setup.
Is this something you already can do, or something you have thought about adding?
This project is great.
Now we're trying to do some upgrades. Before applying it to your production cluster I'm trying to see how it works, but there is virtually no information about how it works, besides that there is a flag "do_upgrade".
Setting the flag did trigger a remote shell execution on the server:
  Provisioning with 'local-exec'.
  (local-exec): Executing: ["/bin/sh" "-c" "touch ./.terraform/tmp/rke2/upgrade-a25fdd70-8f4d-4b2e-8336-b0cb75389ab0-"]
but it does not appear to have done much.
The best that I have is to upgrade a 6-week-old (test) cluster with 1.24.4+rke2r1.
I expect it to move to v1.24.7+rke2r1 (which is the version of a cluster that is a couple of days old).
Hi! I've made a local branch and made some somewhat hackish code to implement support for the above (my openstack provider is a bit different). If I clean it up a bit and make it presentable, would you be open for a PR?
I'm testing the minimal example on OpenStack to deploy a minimal cluster on OpenStack.
The image I'm using is a CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64 and requires to log using "centos" user and to use sudo for most things.
When launching the setup I've got the following error:
│ Error: local-exec provisioner error
│
│ with module.controlplane.null_resource.write_kubeconfig[0],
│ on .terraform/modules/controlplane/kubernetes.tf line 15, in resource "null_resource" "write_kubeconfig":
│ 15: provisioner "local-exec" {
│
│ Error running command 'scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null centos@...:/etc/rancher/rke2/rke2-remote.yaml rke2.yaml': exit status 1.
│ Output: Warning: Permanently added '...' (ECDSA) to the list of known hosts.
│ Load key "/root/.ssh/id_rsa": invalid format
The script tries to load the private key from the default location although I've specified a different location and I'm not using any ssh agent.
I think the test in https://github.com/remche/terraform-openstack-rke2/blob/master/kubernetes.tf#L16 should be inverted...
Here is my file:
  module "controlplane" {
    source           = "remche/rke2/openstack"
    cluster_name     = var.cluster_name
    dns_servers      = var.dns_servers
    write_kubeconfig = true
    image_name       = "CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64"
    flavor_name      = "m4.medium"
    public_net_name  = "fips_pool1"
    ssh_key_file     = "/data/id_rsa"
    boot_volume_size = 20
    boot_from_volume = true
    use_ssh_agent    = false
    system_user      = "centos"
  }
I'm very new to terraform and also to this very module, but I believe there is a "logic conflict" issue in the write_kubeconfig resource in controlplane/kubernetes.tf, which fails when trying to connect to the server node because it "silently" uses the ssh_key_file variable even if the ssh_keypair_name variable is set.
Install script should not be run if:
1/ rke2 is installed
2/ rke2_version metadata is not set
Hello,
I've spotted some strange hardcoded IPs and references to GitHub projects in the cloud-init template:
The Cinder CSI example won't start out of the box:
$ kubectl get all -A | grep csi
kube-system pod/helm-install-cinder-csi-plugin-pcsbm 0/1 Completed 0 11m
kube-system pod/openstack-cinder-csi-controllerplugin-856876dd97-tp6sx 5/6 CrashLoopBackOff 5 (79s ago) 10m
kube-system pod/openstack-cinder-csi-nodeplugin-bc8ql 2/3 CrashLoopBackOff 6 (61s ago) 10m
kube-system pod/openstack-cinder-csi-nodeplugin-cdtsq 2/3 CrashLoopBackOff 6 (81s ago) 10m
kube-system pod/openstack-cinder-csi-nodeplugin-r2dp9 2/3 CrashLoopBackOff 6 (41s ago) 10m
kube-system pod/openstack-cinder-csi-nodeplugin-vc5w8 2/3 CrashLoopBackOff 6 (81s ago) 10m
kube-system daemonset.apps/openstack-cinder-csi-nodeplugin 4 4 0 4 0 <none> 10m
kube-system deployment.apps/openstack-cinder-csi-controllerplugin 0/1 1 0 10m
kube-system replicaset.apps/openstack-cinder-csi-controllerplugin-856876dd97 1 1 0 10m
kube-system job.batch/helm-install-cinder-csi-plugin 1/1 76s 12m
Deployed with:
Hi,
First of all, thanks to your project, we are able to deploy nodes with rke2 on openstack.
However, FYI, we had some issues using terraform and terraform-openstack-rke2.
Indeed, the main.tf at the root folder does not contain containerd_config_file = filebase64(var.containerd_config_file), but containerd_config_file = var.containerd_config_file.
Is this the normal behaviour?
Instead, should we use directly the base64 value as a string in variables.tf?
Thanks,
Best regards,
Module should optionally output variables to feed the Terraform Kubernetes provider.
We should be able to provide a registries.yaml file.
Using a templated (b64+gz) string is probably the best way as it might contain sensitive values.
matti/terraform-shell-resource is now archived, let's switch to https://github.com/Invicton-Labs/terraform-external-shell-resource
Hello,
Is it possible to define use_octavia = true as defined on the original terraform-openstack-rke repo?
https://github.com/remche/terraform-openstack-rke/blob/master/modules/rke/main.tf#L158-L160
I couldn't find anything related with LBAAS or Octavia on this repo.
Thanks
Francisco
Very nice work! Question though, why are several of the outputs configured as sensitive? IPs and IDs are typically thought of as secrets.
floating_ip, internal_ip, subnet_id
We should use cluster name instead of rke2 in KUBECONFIG context.
Hi there!
First: thank you very much for putting this module online and maintaining it. Open Source is hard. 😺
In our environment, we would like to have a separated bastion host, as we want to add more services aside from RKE, like separation of concerns, and don't want to have so many SSH servers exposed.
I am hacking on an addition to this project which would allow the creation of a distinct bastion node before the RKE servers are created (I couldn't think of a way to do this outside, as the network information is not yet available before the server nodes are created.)
Would you like to see a PR and accept a contribution?
resulting in:
  time="2021-09-29T11:41:44Z" level=fatal msg="yaml: did not find expected node content"
In our environment, IPs are expensive and it's a lot of effort to get DNS RR going. Because of this, we would like to create a loadbalancer to expose the K8s API instead of assigning lots of floating IPs.
This is kind of related to #53, although we don't want to reuse sth, but let this module handle it.
(For HTTP/HTTPS, we will create a separate loadbalancer with an octavia controller to expose the actual services. This can happen after setting up the RKE cluster, so doesn't need to be a part of this, as you show in your examples.)
Would you like to see a PR and accept a contribution for this? (I'm already aware that you emphasize on backward compat, so I will make sure of that if possible)
The construct
  which jq 2>&1 > /dev/null || sudo curl -sfL $JQ_URL -o $JQ_BIN && sudo chmod +x $JQ_BIN
should correctly be
  which jq 2>&1 > /dev/null || { sudo curl -sfL $JQ_URL -o $JQ_BIN && sudo chmod +x $JQ_BIN ; }
If the "jq" binary is available, "sudo chmod ..." is executed and fails.
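The precedence issue reported above, as an added demonstration that is not code from the terraform-openstack-rke2 repository or its author: in POSIX shell `||` and `&&` have equal precedence and associate left to right, so `a || b && c` parses as `(a || b) && c`. The download and chmod steps are replaced here by stand-in functions (`fetch`, `make_exec`, assumed names) that only record whether they ran, so the script touches nothing on disk and can be run offline.

```shell
#!/bin/sh
# Added example, not part of the original issue or the module's install script.
# `have_tool present` stands in for a successful `which jq`; `have_tool missing`
# stands in for the case where jq is not installed.

RAN=""
have_tool() { [ "$1" = "present" ]; }    # stand-in for: which jq 2>&1 > /dev/null
fetch()     { RAN="${RAN}fetch,"; }       # stand-in for: sudo curl -sfL $JQ_URL -o $JQ_BIN
make_exec() { RAN="${RAN}chmod,"; }       # stand-in for: sudo chmod +x $JQ_BIN

# The construct as it appears in the install script. Because the list is parsed
# as (have_tool || fetch) && make_exec, make_exec runs whenever jq is already
# present, which is exactly the failing `sudo chmod` described in the issue.
buggy() {
    RAN=""
    have_tool "$1" || fetch && make_exec
    printf '%s' "$RAN"
}

# The corrected construct: the braces group the two install steps, so they run
# only on the `||` branch, i.e. only when the tool is missing.
fixed() {
    RAN=""
    have_tool "$1" || { fetch && make_exec; }
    printf '%s' "$RAN"
}

# Usage: each call prints the comma-separated list of steps that ran.
echo "buggy, jq present : $(buggy present)"    # chmod,
echo "buggy, jq missing : $(buggy missing)"    # fetch,chmod,
echo "fixed, jq present : $(fixed present)"    # (nothing)
echo "fixed, jq missing : $(fixed missing)"    # fetch,chmod,
```

The same grouping rule applies to any `command-exists || install-it && post-step` idiom in cloud-init or provisioning scripts; without the braces, the post-step runs on every boot of a host that already has the tool, and under `set -e` its failure aborts the rest of the script.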
Since CI env does not need it anymore it's safe to remove DNS servers variable from CI.