Comments (13)
I see that the flannel clients that are created by the flannel operator still do not use the etcd certificates. See https://github.com/giantswarm/flannel-operator/blob/d2677bc5dcf9353d0a45336df9a7b4ecae634253/service/flannel/daemonset.go#L62. I think we could just use the certificates here that the flannel operator uses already.
from kvm-operator.
This is not solved yet.
from kvm-operator.
Is this still valid?
from kvm-operator.
I think so, flannel-operator should request certificates for etcd access.
from kvm-operator.
Did you do anything? AFAIK you enabled some cert auth option. So any client that does not fulfil this requirement will not work at all. Right now it looks like everything still works. This either means we fixed it and all is good, or nothing happened so far. Which case is it?
from kvm-operator.
We don't have client cert auth enabled on the host cluster because of this, so that is the reason why it works.
from kvm-operator.
I think we had it but had to rollback because it did not work.
from kvm-operator.
This should be part of the host cluster lockdown then.
from kvm-operator.
It is in SIG operator. Can you take over in SIG host cluster?
from kvm-operator.
But this is still related to flannel-operator,
as that is the part that needs to be updated and use client auth in order to connect to etcd. After this is configured we can enable client-auth on etcd (host cluster issue).
from kvm-operator.
I see.
from kvm-operator.
FYI flannel operator already uses certificates to authenticate against etcd.
from kvm-operator.
Good catch, that's the one that should be updated, I guess.
from kvm-operator.