Tags: elafarge/karch
Assert compatibility with Kubernetes 1.12

This commit adds three things:
- the code has been upgraded regarding new best practices for working with Terraform 0.19
- it is now possible to enable/disable kops' etcd-manager: https://github.com/kubernetes/kops/blob/master/docs/etcd/manager.md
- we've tested upgrades and deployments of Kubernetes 1.12... successfully :)

[BREAKING] Update for Terraform v0.12

THIS IS A MAJOR BREAKING UPDATE, USING THIS NEW VERSION OF THE KARCH MODULE REQUIRES UPGRADING TERRAFORM TO VERSION V0.12.0 AT LEAST.

This commit makes the karch module compatible with Terraform v0.12.0.

------

It also adds the ability to associate VPCs with the created Route53 zone in which the Kubernetes cluster lives. That's useful, for instance, to bind this zone with a VPN VPC.

This is necessary since the AWS provider now imposes that all VPC associations are created within the "aws_route53_zone" block. Before, people were using the external aws_route53_zone_association resource, which is strongly not recommended any more: https://www.terraform.io/docs/providers/aws/r/route53_zone_association.html

NOTE: THIS COMMIT BREAKS BACKWARD COMPATIBILITY WITH TERRAFORM VERSIONS PRIOR TO V0.12.0

Networking and DNS enhancement

- Setting parameters for Calico CNI is possible. As a matter of fact, I'm switching a few production clusters back to Calico (they were on Cilium before but load balancing issues led me to a necessary roll-back ;-().
- Using CoreDNS is now possible (and is the default).
- It's now possible to have the kube-proxy (and Calico as a consequence) use IPVS for Service -> Pods load balancing

Make a default security group settable for our LBs

For LBs created as part of LoadBalancer Kubernetes services, this commit adds the ability to set a security group for this LB.

What this makes possible is to apply this SG to both nodes and LBs and allow "self" traffic on the k8s node port range (30000-32767). This way, load balancers (in the same VPC) can target services without the need to add the whole VPC CIDR range to the node's security group.