vSphere infrastructure provider template #25
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodes are tainted with node.cloudprovider.kubernetes.io/uninitialized because we set cloudProvider: external. this prevents some crucial pods from being scheduled (for example we need the kube-vip pod to start on the first node so it can announce the control plane IP)
eaudetcobello
force-pushed
the
KU-971/vsphere-provider
branch
from
026df59
to
fc98d1b
Compare
set insecure-flag="true" to get around a possible thumbprint verification bug in vsphere-csi driver. Also update csi driver versions to v3.3.0 which support k8s v1.28-v1.30.
create manifest at /capi/manifests so it's applied after bootstrap
The provider acts weird when it comes to checking the thumbprint. The provider suggests to use sha256 for the thumbprint, but kubectl explain VCluster says that thumbprint expects a sha1 hash. So it's clear there's some conflicting information in the documentation. Some experimenting needs to be done in regards to removing the insecure-flag and using sha256 or sha1 for the thumbprint. The error can be seen in vsphere-cpi pods, the logs complain about "thumbprint does not match". Right now there is no error because of a combination of insecure-flag: true and using sha1. Not sure which one of these solves the issue, but it's solved for now.
neoaggelos
suggested changes
Jul 16, 2024
This reverts commit b4e0279.
This reverts commit b3ce6ea281cc13a65dca4431a6e5a97a2355278b.
use kube-vip rbac manifests instead of mounting the admin.conf file
the secret can be enabled/disabled by changing VSPHERE_PROXY_DISABLE in clusterctl.yaml
eaudetcobello
force-pushed
the
KU-971/vsphere-provider
branch
from
58b1ee7
to
2dd8c9d
Compare
neoaggelos
reviewed
Jul 23, 2024
bschimke95
reviewed
Aug 5, 2024
neoaggelos
reviewed
Aug 6, 2024
neoaggelos
suggested changes
Aug 7, 2024
neoaggelos
reviewed
Aug 7, 2024
eaudetcobello
changed the title
bschimke95
reviewed
Aug 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Gaps:
insecure-flag: trueissue and sha1/sha256 thumbprint needs to be investigated. TLDR, there's conflicting documentation where the provider says the thumbprint needs to be in sha256 format, but providing the thumbprint in sha256 causes a "thumbprint mismatch" error. I have resolved this by using a sha1 thumbprint and settinginsecure-flag: true. Need to try only settinginsecure-flag: truewith sha256, or removinginsecure-flag: trueand use sha1.NOTE Do not merge before testing with multi-node cluster.
NOTE Verify if L297-301, L319-323, L293-295 are needed for multi-node cluster before merging.