remche / terraform-openstack-rke2

Deploy Kubernetes on OpenStack with RKE2
Mozilla Public License 2.0

Support load balancers to expose API #59

Closed poikilotherm closed 8 months ago

poikilotherm commented 1 year ago

In our environment, IPs are expensive and it's a lot of effort to get DNS RR going. Because of this, we would like to create a loadbalancer to expose the K8s API instead of assigning lots of floating IPs.

This is kind of related to #53, although we don't want to reuse sth, but let this module handle it.

(For HTTP/HTTPS, we will create a separate loadbalancer with an octavia controller to expose the actual services. This can happen after setting up the RKE cluster, so doesn't need to be a part of this, as you show in your examples.)

Would you like to see a PR and accept a contribution for this? (I'm already aware that you emphasize backward compat, so I will make sure of that if possible)

zifeo commented 1 year ago

@poikilotherm This is the reason I forked this great project, you might be interested in the different approach taken.

poikilotherm commented 1 year ago

@zifeo thanks for the pointer! I'll check it out!

remche commented 1 year ago

@poikilotherm see my comment on #58 ;)

powellchristoph commented 1 year ago

It's relatively simple to simply wrap it with your own module. Here is a snippet that I use to expose the API, but it doesn't remove the FIP of the control plane nodes.

https://gist.github.com/powellchristoph/90f982de9ec3532c1d486cf323009325

slavikos commented 1 year ago

Hi @powellchristoph,

https://gist.github.com/powellchristoph/90f982de9ec3532c1d486cf323009325

I used your snippet to create a LB, but now I get a certificate error when trying to connect with kubectl via the FP that is associated with the LB. How did you overcome the issue?

powellchristoph commented 1 year ago

> Hi @powellchristoph,
>
> https://gist.github.com/powellchristoph/90f982de9ec3532c1d486cf323009325
>
> I used your snippet to create a LB, but now I get a certificate error when trying to connect with kubectl via the FP that is associated with the LB. How did you overcome the issue?

Sorry, you will need to add your domain and the FIP to the additional_sans for when it creates the TLS cert.

module "controlplane" {
  additional_san = distinct(flatten([
    var.additional_sans,
    local.default_cluster_fqdn,
    var.controlplane_lb_enabled ? [openstack_networking_floatingip_v2.controlplane_lb[0].address] : []
  ]))
}

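
A way to confirm the fix described in the comment above, as an added example that is not part of the thread or of the module: it builds two throwaway self-signed certificates, one without and one with the load balancer floating IP in the SAN list, and checks which of them covers the address kubectl connects to. The function names, addresses and DNS name are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Requires OpenSSL 1.1.1+ (for -addext). All names and
# addresses are constructed sample values, not taken from the thread.

# make_cert DIR NAME SAN_LIST: self-signed stand-in for the API server cert.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=kube-apiserver" -addext "subjectAltName=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# san_covers CERT_PEM ENDPOINT: exit 0 only if ENDPOINT matches a SAN entry.
# The verdict is read from openssl's output rather than its exit status.
san_covers() {
    case "$2" in
        *:*)       flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;  # contains non-numeric chars: DNS name
        *)         flag=-checkip ;;    # dotted-quad IPv4
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# demo: the same endpoint checked before and after the SAN list is extended.
demo() {
    dir=$(mktemp -d) || return 1
    lb_fip=203.0.113.10                 # constructed LB floating IP
    make_cert "$dir" before "IP:192.0.2.11,DNS:k8s.example.test"
    make_cert "$dir" after "IP:192.0.2.11,IP:$lb_fip,DNS:k8s.example.test"
    for c in before after; do
        if san_covers "$dir/$c.pem" "$lb_fip"; then
            echo "$c: $lb_fip is in the SAN list, name check passes"
        else
            echo "$c: $lb_fip is missing from the SAN list, expect an x509 error"
        fi
    done
    rm -rf "$dir"
}

demo
```

For a running cluster, save the certificate presented at the load balancer address (for example from `openssl s_client -connect <lb-address>:<port> </dev/null`) and pass that PEM file to `san_covers`.
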
stale[bot] commented 11 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.