terraform-hcloud-kube-hetzner

Server -> client sync of *_kustomization_backup.yaml a single point of failure?

Open leiffoged opened this issue 2 years ago • 0 comments

When using terraform apply, the *_kustomization_backup.yaml file is fetched from the first master node.

kustomization_backup.tf:

data "remote_file" "kustomization_backup" {
  conn {
    host        = module.control_planes[keys(module.control_planes)[0]].ipv4_address
    port        = 22
    user        = "root"
    private_key = var.ssh_private_key
    agent       = var.ssh_private_key == null
  }
  path = "/var/post_install/kustomization.yaml"

  depends_on = [null_resource.kustomization]
}

However, if the *_kustomization_backup.yaml is not available on the first master node, terraform apply will fail.

Consider, for example, the case where the first master node fails (while the 2 other master nodes remain running). I would expect to be able to replace that node with a new node via terraform apply. However, this will not work because the terraform apply will fail when fetching the *_kustomization_backup.yaml from the first master node (which is not available).

By contrast, if any of the other two master nodes fail, terraform apply will correctly replace that node with a new one and heal the cluster properly.

Ideally, *_kustomization_backup.yaml would be generated only once when the cluster is created (or there would be some option to disable fetching it altogether).

--

Also, thank you for creating this amazing tool. True game-changer.

leiffoged, Aug 11 '22 10:08
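Added example (not part of the original issue or of the kube-hetzner code): a pre-flight check to run before `terraform apply` that reports which control plane nodes still hold `/var/post_install/kustomization.yaml` and whether the first one, the only host the `remote_file` data source reads, is among them. The function names `probe_file` and `preflight` are hypothetical, and the script assumes you pass the control plane IPs yourself, in the same order as `keys(module.control_planes)`, and that root SSH with your key or agent works as in the `conn` block above.

```shell
#!/bin/sh
# Added example, not project code. Path taken from the data source in the issue.
KUSTOMIZATION_PATH="/var/post_install/kustomization.yaml"

# probe_file HOST PATH: succeeds if PATH exists on HOST.
# Hypothetical helper; BatchMode avoids hanging on a password prompt and
# ConnectTimeout bounds the wait for a node that is down.
probe_file() {
  ssh -n -o BatchMode=yes -o ConnectTimeout=5 "root@$1" "test -f '$2'"
}

# preflight HOST...: hosts in the order of keys(module.control_planes).
# Prints one status line per host and returns:
#   0  the first host has the file (the fetch in terraform apply can succeed)
#   1  the first host lacks it but another host has it (the case in the issue)
#   2  no host has the file
preflight() {
  first_ok=no
  any_ok=no
  idx=0
  for host in "$@"; do
    if probe_file "$host" "$KUSTOMIZATION_PATH"; then
      echo "$host: present"
      any_ok=yes
      if [ "$idx" -eq 0 ]; then first_ok=yes; fi
    else
      echo "$host: missing or unreachable"
    fi
    idx=$((idx + 1))
  done
  if [ "$first_ok" = yes ]; then return 0; fi
  if [ "$any_ok" = yes ]; then return 1; fi
  return 2
}

# Usage (constructed addresses):
#   preflight 10.0.0.1 10.0.0.2 10.0.0.3
```

A return code of 1 is the situation described above: the cluster still has healthy control planes holding the file, but the apply will fail because only the first one is queried.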