suse-edge / edge-image-builder

Tool for creating and configuring a set of images to automate the deployment of Edge environments
Apache License 2.0

APIVIP validation doesn't consider node type #533

Open hardys opened 4 weeks ago

hardys commented 4 weeks ago

In the image validation we check for the number of nodes, and if it's more than one we enforce configuration of an APIVIP.

https://github.com/suse-edge/edge-image-builder/blob/main/pkg/image/validation/kubernetes.go#L52

However, it's valid to deploy a single controlplane (type: server) host without any APIVIP, but also define one or more compute (type: agent) hosts.

So I think the validation (and other relevant checks for number of nodes related to configuration/defaults) should consider not only the node list length, but also filter by type.
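The type-aware check proposed in the post above, next to the length-based rule it describes, as an added Go example that is not EIB's own code. The `Node` struct, the function names and the error value are hypothetical, and rejecting unknown node types is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Node is a hypothetical stand-in for an entry in the image definition's node list.
type Node struct {
	Hostname string
	Type     string // "server" (control plane) or "agent" (compute)
}

var ErrAPIVIPRequired = errors.New("an API VIP is required when more than one server node is defined")

// requiresVIPByLength models the rule described in the issue:
// any definition with more than one node demands an API VIP.
func requiresVIPByLength(nodes []Node) bool {
	return len(nodes) > 1
}

// validateAPIVIP models the proposed rule: only server nodes count
// towards the threshold, so agents never force a VIP on their own.
func validateAPIVIP(nodes []Node, apiVIP string) error {
	servers := 0
	for _, n := range nodes {
		switch n.Type {
		case "server":
			servers++
		case "agent":
			// Compute nodes do not affect the VIP requirement.
		default: // assumption of this example: unknown types are rejected
			return fmt.Errorf("node %q: unknown type %q", n.Hostname, n.Type)
		}
	}
	if servers > 1 && apiVIP == "" {
		return ErrAPIVIPRequired
	}
	return nil
}

func main() {
	// Constructed input: the PoC layout from the thread, 1 server and 1 agent, no VIP.
	poc := []Node{{"cp1", "server"}, {"worker1", "agent"}}
	fmt.Println("length-based rule demands a VIP:", requiresVIPByLength(poc))
	fmt.Println("type-aware rule result:", validateAPIVIP(poc, ""))
}
```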

atanasdinov commented 4 weeks ago

While it is valid, do we want to do it? Joining a node at a later point in time is much more robust if it's based on a virtual IP backed by MetalLB. I'd generally assume that MetalLB (and Endpoint Copier Operator) do not really bring that much complexity and/or load to the cluster, so I went with the assumption that it's better to always use a virtual IP even in said architecture models.

hardys commented 4 weeks ago

@atanasdinov the issue is in many PoC situations you don't control the lab networking, and in that case obtaining an additional address for the VIP is problematic for many users.

So for example you have two machines and you want to create a 1 controlplane and 1 worker/agent, but all IPs are managed via DHCP - with this current validation it's not possible to do that using a single EIB image AFAICS.

agracey commented 3 weeks ago

Is there any way we could look at using mdns/avahi/zeroconfig to broadcast a join address? It would be too hard to do, but I'm not sure about the security implications.

atanasdinov commented 3 weeks ago

We'll revisit this for the next version of EIB.