Open hh opened 4 months ago
We fixed this previously by adding the following:
https://github.com/sharingio/infra/blob/main/terraform/equinix-metal-talos-cluster/main.tf#L161-L164
```yaml
cluster:
  apiServer:
    extraArgs:
      anonymous-auth: true
```
This should probably get documented somewhere in the Equinix + Talos deployment pages; I'll see what I can find.
Currently we only perform an unauthenticated check here: https://github.com/kubernetes-sigs/cloud-provider-equinix-metal/blob/3fb9b358ecaa037ed271b29246ef8f9b29bab77a/metal/eip_controlplane_reconciliation.go#L250
The default for upstream Kubernetes allows anonymous access.
See https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
Talos and possibly other Kubernetes distributions disable unauthenticated access to the Kubernetes API.
I suggest trying an unauthenticated request first, and if that fails, try authenticated with the credentials available to the CCM pod.
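A sketch of the fallback suggested above, added here as an example and not taken from the cloud-provider-equinix-metal code base: the check goes out anonymously first and is retried with a bearer token only on 401/403, so the API server does not need `anonymous-auth: true`. The helper names, the `/healthz` path and the token value are assumptions; in a pod the token would normally be the mounted service account token.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe (hypothetical helper) checks url anonymously first and retries with
// the bearer token only when the anonymous request gets 401 or 403.
func probe(c *http.Client, url, token string) (string, error) {
	for _, mode := range []string{"anonymous", "authenticated"} {
		req, err := http.NewRequest(http.MethodGet, url, nil)
		if err != nil {
			return "", err
		}
		if mode == "authenticated" {
			req.Header.Set("Authorization", "Bearer "+token)
		}
		resp, err := c.Do(req)
		if err != nil {
			return "", err // transport failure: credentials would not help
		}
		resp.Body.Close()
		switch resp.StatusCode {
		case http.StatusOK:
			return mode, nil
		case http.StatusUnauthorized, http.StatusForbidden:
			if token == "" {
				return "", fmt.Errorf("%s check rejected and no token available", mode)
			}
		default:
			return "", fmt.Errorf("%s check failed: status %d", mode, resp.StatusCode)
		}
	}
	return "", fmt.Errorf("rejected both anonymously and with the token")
}

// fakeAPIServer is constructed test input: 401 unless anonymous is allowed or the token matches.
func fakeAPIServer(allowAnonymous bool, token string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowAnonymous && r.Header.Get("Authorization") != "Bearer "+token {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
}
func main() {
	srv := fakeAPIServer(false, "sa-token") // constructed token, assumed path
	defer srv.Close()
	fmt.Println(probe(srv.Client(), srv.URL+"/healthz", "sa-token"))
}
```

The returned mode can be logged so operators can see which clusters reject anonymous requests.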