cluster-addons via public API not only Bastion/Operator #986
Comments
|
Even if you can prevent |
|
Hey @robo-cap, you are 100% correct, so I would like to add to my request that the helm of extensions module will also support working with public API endpoint on OKE. |
|
We had not worked on this as we are dependent on oci-cli being installed and configured in the terraform execution environment. Any call to the public OKE endpoint needs to be signed by a token generated with oci-cli. |
|
the delete_addons.tf already utilizes oci cli - locals { so this dependency seems to already be in place. |
|
No, null_resource.remove_addons relies on the bastion and operator host to run oci-cli commands. Here is the provisioner configured for it. |
I setup a public API cluster with no Bastion or Operator, I am trying to Deploy Cilium which requires Flannel and Kube-Proxy addon removal, and it fails on -
Error: remote-exec provisioner error
│
│ with module.cluster-addons[0].null_resource.remove_addons["KubeProxy"],
│ on modules/cluster-addons/delete_addons.tf line 30, in resource "null_resource" "remove_addons":
│ 30: provisioner "remote-exec" {
│
│ host for provisioner cannot be empty
The same happens when trying to install Cilium with the exact same error.
After researching the issue, it seems the module cluster-addons is dependent on a connection to the cluster API which in turn is only configured in the module to be accessed via Bastion or Operator -
connection {
bastion_host = var.bastion_host
bastion_user = var.bastion_user
bastion_private_key = var.ssh_private_key
host = var.operator_host
user = var.operator_user
private_key = var.ssh_private_key
timeout = "40m"
type = "ssh"
}
I would like the module to utilize an OKE Public API endpoint for deleting/deploying add-ons and not be limited to accessing the API solely via Bastion or Operator.
Thank you.
The text was updated successfully, but these errors were encountered: