Feature request: use private networks instead of wireguard VPN

xetys / hetzner-kube

A CLI tool for provisioning kubernetes clusters on Hetzner Cloud

Apache License 2.0

746 stars 116 forks source link

Feature request: use private networks instead of wireguard VPN #286

Open fogs opened 5 years ago

fogs commented 5 years ago

Hetzner recently introduced private networks to configure traffic between cloud VM instances. This feature is still marked as beta.

Giving users the choice between provider networks and the wireguard VPN on the hosts would be a nice feature for hetzner-kube though.

LKaemmerling commented 5 years ago

FYI: We have opened a Beta for our Cloud Controller Manager with Networks support: https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/19#issuecomment-512850269 I guess when we can release our new provider, it would be really easy to implement this feature request, so please help us testing the provider :) Please keep in mind: Do not run this beta software on production nodes!

mavimo commented 5 years ago

@fogs @LKaemmerling I'm on it, are you interested on some kind of preview in order to test it? :)

LKaemmerling commented 5 years ago

@mavimo sure :) I am available for testing :D

suchwerk commented 5 years ago

Hey @mavimo I would like to test also :)

mavimo commented 5 years ago

Hey, sorry I was a bit late on my tests.

There are some blocker related to the external worker (that will not be able to joint the VPN), I need to test if is possible to have a mixed network (VPN for external + Hetzner Network for internal nodes), but I think will add extra complexity that I'm not sure that can be handled; a secondo option is to drop external worker but I dunno how many user should be affected (I never used external worker but I know that someone use this feature).

I'll keep you updated ;)

LKaemmerling commented 5 years ago

What about providing booth @mavimo (optional)?

When a user wants to use wireguard VPN he can use it (with external workers) When a user wants to use our Networks he can use it (only with hcloud workers)

mavimo commented 5 years ago

@LKaemmerling should be an option :)

Actually I'm not convinced from this options since:

it add more complexity to the project (we I think actually there is not enough work force to maintains "variant")
add extra cost to handle E2E tests (we are not spending too much to have it working but if we add a duplication we "duplicate" also the cost)
since adding external worker should be done any time this will force user to destroy and recreate the cluster if they start with a "hetzner network" version until we add a migration procedure (that is not so easy to manage)

@LKaemmerling @suchwerk @xetys WDYT?

mcadam commented 5 years ago

Hey, any change to get a PR to try that out? I am going to start a new test cluster soon and could give some feedback too :)