Patching v3 #21
rwaffen
commented
Mar 9, 2023
- include firewall class for dependency packages
- add ubuntu 22.04 and module dependencies to metadata
- move kubectl and kubeadm to generic install classes
- add firewall also for non firewalld systems
- add kubeadm tool to controller
- update class documentation
- add module dependency for augeasproviders_core
- add dependencies between sysctl and kmod
- require file kubectl before using it
- allow to set advertise_address
- doing class after class - it's tedious
This would break literally every single one of the clusters that I currently manage, firewalld has absolutely nothing to do with the OS family.
If you need to have non-firewalld rules, then it'd be better to turn manage_firewall into some kind of other datatype - maybe Variant[Boolean, Enum['firewalld','iptables']] where iptable rules are created if it's set to iptables
Oh okay. Isn't firewalld only a RedHat thing? The module the resources are from supports only RedHat systems. And I never saw firewalld on an Ubuntu, does this work?
firewalld may only be the default firewall manager for RHEL 7 and derivatives - as well as some other assorted smaller distributions, but it works on almost all other Linux distros as well. Including Debian and Ubuntu. Perhaps the
Some questions.
- add firewall selection
- add toggle for kubeadm
- document ensure parameter
My thought on the firewall questions: if the user doesn't want to provide their own firewall, then having the ports be open on the It's probably best to note that the provided firewall is simple and likely not safe against attacks though.
Question: should we add firewall and firewalld module as dependency to metadata.json?
It is already in here. See the changed files/metadata.json.
OK. Already reviewed and unchanged, so the file did not show up. Sorry.
Yep, this all looks good to me now, excepting some minor nitpicks in the documentation language - which is still leagues better than it not existing at all.