
Feature: Workaround for pulling data from *.google.com on Hetzner nodes

Open bernardhalas opened this issue 1 year ago • 1 comments

Motivation

Hetzner nodes sometimes get assigned IPs which are blacklisted on Google (and maybe on some other providers too). This prevents Claudie from reliably provisioning Hetzner nodes even if GCP nodepools are not used, because there are keys and packages downloaded from Google servers by KubeEleven during the K8s provisioning stage.

Description

Try to figure out a workaround that would allow us to provision non-GCP clusters reliably on Hetzner even if all Hetzner boxes get assigned IPs from Google's blacklist.

Exit criteria

  • [ ] Provision K8s on Hetzner boxes with bad IPs

This is related to https://github.com/berops/claudie/issues/710. The same root cause is behind this, however:

  • we can't easily fix the Hetzner-GCP clusters
  • we should be able to find a workaround for Hetzner-non-GCP clusters with respect to the K8s provisioning stage; this is the scope of this issue.

bernardhalas avatar May 11 '23 08:05 bernardhalas

I think that this KubeOne enhancement PR could be a good starting point for exploring further options: https://github.com/kubermatic/kubeone/issues/88. We could be using the HTTP_PROXY for curl/apt. Maybe if we would catch early that one of the nodes doesn't have access to kube-apt, we could utilise an SSH tunnel to proxy the requests?

cloudziu avatar Feb 09 '24 14:02 cloudziu

🎉🎉🎉🎉🎉🎉🎉

cloudziu avatar Sep 13 '24 07:09 cloudziu