oracle-devrel / terraform-oci-cloudbricks-oke-cluster

OCI Cloud Bricks: Oracle Container (Kubernetes) Engine (OKE) - Cluster
Universal Permissive License v1.0

Tampered nodes when creating a private endpoint cluster #4

Closed dralquinta closed 2 years ago

dralquinta commented 2 years ago

When creating a cluster with the code and setting the control plane to private, the nodes will get immediately tampered, preventing the default namespace from going through correctly.

This is happening because the control plane API subnet is wrong and it should be the same as where the worker nodes are.

WRONG: (image)

CORRECT: (image)

dralquinta commented 2 years ago

Found the problem. This is in this part of the code:

```hcl
locals {
  release = "1.0"
  # Subnet OCID local accessors
  lbaas_subnet_ocid    = length(data.oci_core_subnets.LBAASSUBNET.subnets) > 0 ? data.oci_core_subnets.LBAASSUBNET.subnets[0].id : null
  nodepool_subnet_ocid = length(data.oci_core_subnets.ENDPOINTSUBNET.subnets) > 0 ? data.oci_core_subnets.LBAASSUBNET.subnets[0].id : null
```

So this is always passing on the LBAASSUBNET on local accessor nodepool_subnet_ocid, so regardless of what this is, it'll always pass on the subnet OCID where the LBaaS sits on.

The fix is simple. Working on it now.
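
A lint check for the mismatch described in the comment above, where the `length()` guard names one subnet list and the `[0].id` lookup reads another. This is an added example, not part of the issue or the repository's code; the function name and regex are assumptions, and the sample is the excerpt quoted above with a closing brace appended.

```python
import re

# Matches the guarded-accessor idiom quoted in the issue:
#   name = length(<guard>) > 0 ? <used>[0].id : null
ACCESSOR = re.compile(
    r"^\s*(?P<name>\w+)\s*=\s*length\(\s*(?P<guard>[\w.]+)\s*\)\s*>\s*0\s*"
    r"\?\s*(?P<used>[\w.]+)\[0\]\.id\s*:\s*null\s*$"
)


def find_guard_mismatches(hcl_text):
    """Return (line_no, local_name, guarded_ref, dereferenced_ref) for every
    accessor whose length() guard and [0].id lookup name different lists."""
    findings = []
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # drop HCL "#" line comments
        m = ACCESSOR.match(code)
        if m and m.group("guard") != m.group("used"):
            findings.append(
                (line_no, m.group("name"), m.group("guard"), m.group("used"))
            )
    return findings


# Constructed input: the locals excerpt from the issue, closed with "}".
SAMPLE = """locals {
  release = "1.0"
  # Subnet OCID local accessors
  lbaas_subnet_ocid    = length(data.oci_core_subnets.LBAASSUBNET.subnets) > 0 ? data.oci_core_subnets.LBAASSUBNET.subnets[0].id : null
  nodepool_subnet_ocid = length(data.oci_core_subnets.ENDPOINTSUBNET.subnets) > 0 ? data.oci_core_subnets.LBAASSUBNET.subnets[0].id : null
}
"""

if __name__ == "__main__":
    for line_no, name, guard, used in find_guard_mismatches(SAMPLE):
        print(f"line {line_no}: {name} guards on {guard} but reads {used}")
```

Besides sending the wrong subnet OCID, a mismatched guard also means the lookup can index an empty list whenever the guarded list is non-empty and the dereferenced one is not.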