stefanprodan / k8s-scw-baremetal

Kubernetes installer for Scaleway bare-metal AMD64 and ARMv7
MIT License

Using our own security group #11

Closed perriea closed 6 years ago

perriea commented 6 years ago

Hi,

As the project currently stands, we use Scaleway's default security group. It's really bad ...

I propose to create our own security group to secure the cluster. I will propose a PR soon.

stefanprodan commented 6 years ago

Does the security group actually work? Last time I tried it out, it required a host restart after each rule update.

perriea commented 6 years ago

Arf ... You are right ...

Before reboot:

ssh -i ~/.ssh/id_rsa root@*.*.*.*
 ___  ___ __ _| | _____      ____ _ _   _
/ __|/ __/ _` | |/ _ \ \ /\ / / _` | | | |
\__ \ (_| (_| | |  __/\ V  V / (_| | |_| |
|___/\___\__,_|_|\___| \_/\_/ \__,_|\__, |
                                    |___/

Welcome on Ubuntu Xenial (16.04 LTS) (GNU/Linux 4.4.113-mainline-rev1 x86_64 )

System information as of: Sat Jan 27 14:26:31 UTC 2018

System load:    0.07            Int IP Address: 10.1.227.115
Memory usage:   0.0%            Pub IP Address:
Usage on /:     4%              Swap usage:     0.0%
Local Users:    0               Processes:      134
Image build:    2017-01-05      System uptime:  57 min
Disk nbd0:      l_ssd 50G

Documentation:  https://scaleway.com/docs
Community:      https://community.scaleway.com
Image source:   https://github.com/scaleway/image-ubuntu

Last login: Sat Jan 27 14:22:03 2018 from *.*.*.*

After reboot:

ssh root@51.15.135.35 -i ~/.ssh/id_rsa
ssh: connect to host 51.15.135.35 port 22: Operation timed out

I thought it had changed since the last time ... I thought about Santa Claus ... The change is crappy ... I'm going to open a ticket with Scaleway to find out whether they intend to move forward.

I wrote that but ... https://github.com/perriea/k8s-scw-baremetal/commit/92dc5579a62c77471b7e97c829486096101087ca https://github.com/perriea/k8s-scw-baremetal/commit/59d5bc5608d2545e66d4e434a07c54de699d2bb7

alexandrevilain commented 6 years ago

Hi! It seems to be available now :) Look at: https://blog.online.net/2018/04/19/scaleway-feature-improvements-custom-kernel-security-group-live-reload-imagehub-packer/

I'll try to propose a PR 👍

perriea commented 6 years ago

Good news 👍 My last commits on my fork should work, but I'll let you do the PR. Try to update the provider version (today 1.3.0).

alexandrevilain commented 6 years ago

Hi! Please take a look at: https://github.com/stefanprodan/k8s-scw-baremetal/pull/12 It's working for me using:

Terraform v0.11.7
+ provider.external v1.0.0
+ provider.scaleway v1.0.1

perriea commented 6 years ago

Did it not work on the newer Scaleway provider?

alexandrevilain commented 6 years ago

Not tested; it can be in a later PR. But if you find it mandatory, I can upgrade it!

alexandrevilain commented 6 years ago

Version 1.4.0 of the Scaleway provider was released 3 days ago! I'll try to find time to test it!