terraform-provider-linode
[Feature]: Expose private ip addresses of LKE control plane
Description
I would like to isolate the LKE cluster from other datacenter instances in the private network 192.168.128.0/17 with firewalling. So I created the following resources, where local.private_ips is the private IPs of my worker nodes:
```hcl
resource "linode_firewall" "firewall" {
  label = "lke"

  inbound {
    label    = "Kubelet"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "10250"
    ipv4     = local.private_ips
  }

  inbound {
    label    = "Wireguard"
    action   = "ACCEPT"
    protocol = "UDP"
    ports    = "51820"
    ipv4     = local.private_ips
  }

  inbound {
    label    = "Calico"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "179"
    ipv4     = local.private_ips
  }

  inbound {
    label    = "Nodeports"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "32136"
    ipv4     = ["0.0.0.0/0"]
  }

  inbound {
    label    = "ClusterIP_PodsIP"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "1-65535"
    ipv4     = ["10.128.0.0/16", "10.2.0.0/16"]
  }
}
```
The problem is that the control plane needs to communicate with the nodes on port 10250 (kubectl exec, for example), and currently I don't have any possibility to get the private IP addresses of the control plane.
A netstat on the nodes shows me:

```text
length 135
09:42:40.999909 IP 192.168.178.23.28658 > 192.168.143.54.10250: Flags [R], seq 536968721, win 0, length 0
09:42:40.999965 IP 192.168.178.23.28658 > 192.168.143.54.10250: Flags [R], seq 536968721, win 0, length 0
```
So I would like to retrieve these two IP addresses via the resource linode_lke_cluster to integrate them in a firewall rule.
Does that make sense?
New or Affected Terraform Resources
linode_lke_cluster
Potential Terraform Configuration
No response
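As an added example (not code from the issue author or from the provider project), the following Python script derives the list the author is after from capture output like the lines shown in the issue: it keeps only connections to the kubelet port 10250 whose source lies in the private range 192.168.128.0/17, and merges those sources with the worker node addresses into a list shaped for the firewall rule's `ipv4` field. The capture lines are constructed sample data and the function names are my own.

```python
import ipaddress
import re

# Constructed sample in tcpdump's "IP src.sport > dst.dport:" format (not a real capture).
# Includes a reply packet, a source outside the private range and an unrelated port,
# all of which must be ignored.
SAMPLE_CAPTURE = """\
09:42:40.999909 IP 192.168.178.23.28658 > 192.168.143.54.10250: Flags [R], seq 536968721, win 0, length 0
09:42:41.120011 IP 192.168.180.9.41522 > 192.168.143.54.10250: Flags [S], seq 1, win 64240, length 0
09:42:41.130004 IP 192.168.143.54.10250 > 192.168.178.23.28658: Flags [S.], seq 2, ack 1, win 0, length 0
09:42:41.140000 IP 10.2.3.4.5555 > 192.168.143.54.10250: Flags [S], seq 3, win 0, length 0
09:42:41.150000 IP 203.0.113.7.44444 > 192.168.143.54.22: Flags [S], seq 4, win 0, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def control_plane_sources(capture, port=10250, private_net="192.168.128.0/17"):
    """Return sorted /32 CIDRs of hosts inside private_net seen sending to `port`."""
    net = ipaddress.ip_network(private_net)
    found = set()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dport"]) != port:
            continue  # not a tcpdump IP line, or not traffic towards the kubelet port
        src = ipaddress.ip_address(m["src"])
        if src in net:
            found.add(f"{src}/32")
    return sorted(found, key=ipaddress.ip_network)


def firewall_ipv4_list(capture, node_private_ips, **kwargs):
    """Merge observed control-plane sources with the worker node CIDRs for one `ipv4` list."""
    merged = set(node_private_ips) | set(control_plane_sources(capture, **kwargs))
    return sorted(merged, key=ipaddress.ip_network)


if __name__ == "__main__":
    print(firewall_ipv4_list(SAMPLE_CAPTURE, ["192.168.143.54/32"]))
```

The addresses observed this way are only a snapshot of what the control plane used at capture time, which is exactly why an attribute on `linode_lke_cluster` would be the durable source for the rule.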