equinix / terraform-equinix-metal-openshift-on-baremetal

OpenShift 4.9 Installer for Equinix Metal
https://registry.terraform.io/modules/equinix/openshift-on-baremetal/metal/latest
Apache License 2.0

bastion kubeconfig is not persisted between boots #10

Open displague opened 2 years ago

displague commented 2 years ago

For operations where the bastion kubeconfig is needed on subsequent bootups, the file should be stored in a permanent location. Currently, this file is stored in /tmp.

/tmp/artifacts/install/auth/kubeconfig

displague commented 2 years ago

Perhaps bastion_kubeconfig should be set to /etc/kubernetes/kubeconfig

displague commented 2 years ago

The contents of this file include https://localhost:6443 when the bastion node is not forwarding that port to the loadbalancer.

Perhaps this should be https://api-int.{clustername}.{basedomain}:6443/

displague commented 2 weeks ago

Since (line), on the bastion node, ~/.kube/config has a working config for oc:

[root@lb-0 ~]#  oc get nodes
NAME                   STATUS   ROLES                  AGE   VERSION
master-0.mos.example.com   Ready    control-plane,master   4d    v1.25.16+306a47e
master-1.mos.example.com   Ready    control-plane,master   4d    v1.25.16+306a47e
master-2.mos.example.com   Ready    control-plane,master   4d    v1.25.16+306a47e
worker-0.mos.example.com   Ready    worker                 4d    v1.25.16+306a47e
worker-1.mos.example.com   Ready    worker                 4d    v1.25.16+306a47e
--- /tmp/artifacts/install/auth/kubeconfig      2024-06-13 09:21:35.225960744 -0400
+++ /root/.kube/config  2024-06-13 09:21:31.742958507 -0400
@@ -3,22 +3,13 @@
 - cluster:
     certificate-authority-data: ...
     server: https://api.mos.example-com:6443
-  name: api-mos-example-com:6443
-- cluster:
-    certificate-authority-data: ...
-    server: https://api.mos.example-com:6443
   name: mos
 contexts:
 - context:
     cluster: mos
     user: admin
   name: admin
-- context:
-    cluster: api-mos-example-com:6443
-    namespace: openshift-nfs-storage
-    user: system:admin/api-mos-example-com:6443
-  name: openshift-nfs-storage/api-mos-example-com:6443/system:admin
-current-context: openshift-nfs-storage/api-mos-example-com:6443/system:admin
+current-context: admin
 kind: Config
 preferences: {}
 users:
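Review bot: the removed current-context line shows that the /tmp/artifacts copy defaults to the openshift-nfs-storage namespace as system:admin, while /root/.kube/config defaults to the admin context, so the two files are not drop-in replacements for each other. Documentation that switches to the /root/.kube copy should state that commands will no longer default to openshift-nfs-storage. The server host is written api.mos.example-com in this hunk, while the node names in the oc output use mos.example.com; worth confirming that is only a redaction slip.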
@@ -26,7 +17,3 @@
   user:
     client-certificate-data: ...
     client-key-data: ...
-- name: system:admin/api-mos-example-com:6443
-  user:
-    client-certificate-data: ...
-    client-key-data: ...
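Review bot: the removed entry at the end of this hunk is a second user, system:admin/api-mos-example-com:6443, with its own client-certificate-data and client-key-data, so the copy under /tmp/artifacts carries one more client key than /root/.kube/config. Suggest the docs reference only the /root/.kube copy, keep it owner-readable only, and remove or restrict the /tmp/artifacts copy once the install has finished.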

kubectl only resides in /tmp/artifacts.

displague commented 2 weeks ago

There are places in the config, during install, where the /root/.kube copy could be used. The documentation should be updated to prefer this copy in any case.
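
The two concerns raised in this thread, a kubeconfig kept under /tmp and a server entry pointing at https://localhost:6443, can be checked mechanically. The following is an added example, not code from the module or from the issue's author; the function names and finding labels are hypothetical, and the destination path is whatever the caller passes.

```sh
#!/bin/sh
# Added example (not the module's code): audit a bastion kubeconfig and copy it
# to a persistent location with owner-only permissions.

# Print one finding per line for the kubeconfig at "$1"; print nothing if clean.
kubeconfig_findings() {
  # /tmp does not survive the reboots this issue is about.
  case "$1" in /tmp/*) echo "volatile-path" ;; esac
  # Refuse symlinks so the checks below describe the file actually named.
  [ -f "$1" ] && [ ! -L "$1" ] || { echo "missing-or-symlink"; return 0; }
  # The file embeds client-key-data: group and other must have no access.
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || echo "group-or-world-access"
  # A localhost endpoint only works while the bastion forwards port 6443.
  grep -Eq '^[[:space:]]*server:[[:space:]]*https://(localhost|127\.0\.0\.1)(:|/|$)' "$1" \
    && echo "localhost-server"
  return 0
}

# Copy the kubeconfig at "$1" to "$2"; the result is mode 0600.
persist_kubeconfig() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  # umask 077 in a subshell: a newly created directory is 0700 and the
  # temporary file is never readable by others before the rename.
  (
    umask 077 &&
    mkdir -p "$(dirname "$2")" &&
    cp "$1" "$2.tmp.$$" &&
    chmod 600 "$2.tmp.$$" &&
    mv -f "$2.tmp.$$" "$2"
  )
}
```

For example, `persist_kubeconfig /tmp/artifacts/install/auth/kubeconfig DEST && kubeconfig_findings DEST` prints nothing when the persisted copy passes all checks; DEST stands for the permanent path chosen for the bastion.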