dev-scripts: Change apiServerURL for setup-fleet-downstream #2052
Conversation
|
I hope this configuration will be more reliable across different systems than the previous one(s) due to the fact that the communication is internal and uses the internal DNS names. |
54b76fa to
1d713d0
Compare
|
|
||
| kubectl config use-context "$downstream_ctx" | ||
| helm -n cattle-fleet-system upgrade --install --create-namespace --wait fleet-agent charts/fleet-agent \ | ||
| --set-string labels.env=test \ | ||
| --set apiServerCA="$ca" \ | ||
| --set apiServerURL="https://$public_hostname:36443" \ |
There was a problem hiding this comment.
This is the value from https://github.com/rancher/fleet/blob/main/dev/setup-k3d, though
There was a problem hiding this comment.
--api-port 6550 is not required for the example to work.
It’s used to have k3s‘s API-Server listening on port 6550 with that port mapped to the host system.
-- https://k3d.io/v5.0.0/usage/exposing_services/
Another explanation for how --api-port works.
As this maps the port to the host system and the idea is to not involve the host system for cluster registrations by going through the Kubernetes internal service, I don't see why it would cause an issue not to use it.
The dev scripts failed to work on a customized setup of docker where
/etc/docker/daemon.jsoncontains the following JSON to prevent conflicts on the host with a different configuration.{ "bip": "172.26.0.1/16", "default-address-pools": [ { "base": "172.27.0.0/16", "size": 24 }, { "base": "172.28.0.0/16", "size": 24 }, { "base": "172.29.0.0/16", "size": 24 }, { "base": "172.30.0.0/16", "size": 24 }, { "base": "172.31.0.0/16", "size": 24 }, { "base": "172.32.0.0/16", "size": 24 } ] }The update makes the certificate usable for the internal DNS name of the upstream cluster. The
apiServerURLis then configured to talk to the upstream server directly rather than through the bridge of the host.Refers to #XXX