https://www.puppet.com/community logo
Join Slack
Powered by
# voxpupuli
  • y

    Yury Bushmelev

    04/08/2023, 7:00 PM
    Hit this with puppet-k8s: https://github.com/jay7x/puppet-k8s/blob/master/manifests/server/etcd.pp#L36 My VMs have 2 NICs (qemu user-mode network for internet and socket_vmnet for interconnection). With
    lima
    I cannot disable the user-mode network.. so etcd members cannot connect to each other because there is no interconnect IPs in a cert SAN..
  • y

    Yury Bushmelev

    04/08/2023, 7:00 PM
    Hit this with puppet-k8s: https://github.com/jay7x/puppet-k8s/blob/master/manifests/server/etcd.pp#L36 My VMs have 2 NICs (qemu user-mode network for internet and socket_vmnet for interconnection). With
    lima
    I cannot disable the user-mode network.. so etcd members cannot connect to each other because there is no interconnect IPs in a cert SAN..
  • y

    Yury Bushmelev

    04/08/2023, 7:02 PM
    ouch.. that link is to my fork.. but anyway it’s mostly vanilla atm
  • y

    Yury Bushmelev

    04/09/2023, 9:19 AM
    meh.. actually I hit different thing.. certs should be generated properly for the whole cluster it seems..
  • y

    Yury Bushmelev

    04/09/2023, 9:50 AM
    fixed the above here anyway: https://github.com/voxpupuli/puppet-k8s/pull/32
  • y

    Yury Bushmelev

    04/09/2023, 9:50 AM
    fixed the above here anyway: https://github.com/voxpupuli/puppet-k8s/pull/32
  • y

    Yury Bushmelev

    04/09/2023, 2:07 PM
    tried with just one k8s::server node and got this 🤔
    Copy code
    Kubectl_apply[puppet:cluster-info:reader Role]: Execution of '/usr/bin/kubectl --namespace kube-system --kubeconfig /root/.kube/config get Role puppet:cluster-info:reader --output json' returned 1: error: the server doesn't have a resource type "Role"
        Kubectl_apply[system:<http://certificates.k8s.io:certificatesigningrequests:nodeclient|certificates.k8s.io:certificatesigningrequests:nodeclient>]: Execution of '/usr/bin/kubectl --kubeconfig /root/.kube/config get ClusterRole system:<http://certificates.k8s.io:certificatesigningrequests:nodeclient|certificates.k8s.io:certificatesigningrequests:nodeclient> --output json' returned 1: error: the server doesn't have a resource type "ClusterRole"
        Kubectl_apply[system:<http://certificates.k8s.io:certificatesigningrequests:selfnodeclient|certificates.k8s.io:certificatesigningrequests:selfnodeclient>]: Execution of '/usr/bin/kubectl --kubeconfig /root/.kube/config get ClusterRole system:<http://certificates.k8s.io:certificatesigningrequests:selfnodeclient|certificates.k8s.io:certificatesigningrequests:selfnodeclient> --output json' returned 1: error: the server doesn't have a resource type "ClusterRole"
  • t

    treydock

    04/10/2023, 3:30 PM
    Could use review on officially supporting EL8 with openldap module: https://github.com/voxpupuli/puppet-openldap/pull/373
    👍 1
  • t

    treydock

    04/10/2023, 3:30 PM
    Could use review on officially supporting EL8 with openldap module: https://github.com/voxpupuli/puppet-openldap/pull/373
  • s

    Slackbot

    04/10/2023, 5:25 PM
    This message was deleted.
    v
    t
    • 3
    • 2
  • t

    treydock

    04/10/2023, 5:26 PM
    @bastelfreak WRT to comment about openldap EL9 - https://github.com/voxpupuli/puppet-openldap/pull/374 - I tried and it seems
    openldap-servers
    isn't yet part of RHEL9. I remember when RHEL8 came out RedHat did not provide the server component and I think enough people complained they eventually put the server RPM back into their repos. Hoping something similar will happen with RHEL9.
  • v

    vchepkov

    04/10/2023, 5:35 PM
    @treydock, they published it in epel9
  • t

    treydock

    04/10/2023, 5:47 PM
    Ohh nifty didn't realize that, I tried getting that done for epel8 and was rejected but that was years ago
  • v

    vchepkov

    04/10/2023, 5:57 PM
    yeah, in rhel8 they put it in codebuild or some other 'after thought'
  • g

    Greg

    04/10/2023, 6:25 PM
    openldap maintainers have had a contentious relationship with RH. If you use -their- packages (which are closer-to-source) they’re more responsive. https://repo.symas.com/repo/rpm/SOLDAP/release25/ has 7 8 9. Clearly that means going off-epel, but, at least packages exist. It’s been the only reasonable maintenance path I’ve found, as ldap admin at $work.
  • t

    tvaughan

    04/10/2023, 7:48 PM
    If anyone wants to port to 389-DS (it's actually nice) https://github.com/simp/pupmod-simp-ds389/
    🤩 2
  • t

    tvaughan

    04/10/2023, 7:48 PM
    If anyone wants to port to 389-DS (it's actually nice) https://github.com/simp/pupmod-simp-ds389/
  • y

    Yorokobi

    04/10/2023, 10:48 PM
    @Yorokobi has left the channel
  • v

    VoxBot

    04/11/2023, 6:40 AM
    morning
  • v

    VoxBot

    04/11/2023, 6:41 AM
    ewoud: can you take another look at https://github.com/voxpupuli/beaker-vagrant/pull/69
  • r

    Robert Waffen

    04/11/2023, 8:27 AM
    i can add some examples how i'm doing it. just give me a sec 😉
  • r

    Robert Waffen

    04/11/2023, 9:51 AM
    see here: https://github.com/voxpupuli/puppet-k8s/pull/33
  • v

    VoxBot

    04/11/2023, 11:45 AM
    For people looking to know more how Kubernetes actually comes together, I heartily recommend https://github.com/kelseyhightower/kubernetes-the-hard-way
    👍 1
  • v

    VoxBot

    04/11/2023, 11:48 AM
    It's a little outdated, but it does actually complete a full installation of all components, instead of just using the many layers of abstraction tooling that everybody uses nowadays
  • r

    Robert Waffen

    04/11/2023, 11:49 AM
    this is indeed a very good tutorial to get to know the components of kubernetes
  • v

    VoxBot

    04/11/2023, 11:51 AM
    Unfortunately it's a little lacking in describing the why most of the parameters are set to the values that they are - and it also adds a bunch of parameters that are either just default values or deployment specific tuning
  • v

    VoxBot

    04/11/2023, 11:53 AM
    I've tried to keep the k8s module light in that regard, avoiding re-defining default values or doing any specific tuning
  • r

    Robert Waffen

    04/11/2023, 11:59 AM
    thats true, it is not very detailed in describing why you this or that. but if you follow along and play around here and there it is a good start. i also did this tutorial. it helped me to get started. but then with all this cni, cri and csi stuff i got lost. but i think i have some clue now how cni works. cri also was solveable for me. next step is csi.
  • y

    Yury Bushmelev

    04/11/2023, 12:05 PM
    there is another “the hard way” for VirtualBox VMs: https://github.com/ddometita/mmumshad-kubernetes-the-hard-way (based on original one but for non-cloud)
  • y

    Yury Bushmelev

    04/11/2023, 12:05 PM
    there is another “the hard way” for VirtualBox VMs: https://github.com/ddometita/mmumshad-kubernetes-the-hard-way (based on original one but for non-cloud)
1...408409410...648Latest