
Comments (10)

squat commented on July 26, 2024 1

@apetresc we have just merged a PR for this bug upstream. It was introduced during a recent TLS refactor. I am porting the fix to our 1.7.9 release branch. The fix will be available in an upcoming patch release: 1.7.9+tectonic.2. I will update this issue once that is ready.

from terraform-aws-kubernetes.

robszumski commented on July 26, 2024

Which version of Terraform were you using with this attempt?


apetresc commented on July 26, 2024

@robszumski The latest - 0.10.8.


apetresc commented on July 26, 2024

I just tested again, by the way, to see if something had changed in terraform in the last 20 days that would fix this. Nope, it fails with the exact same error.


squat commented on July 26, 2024

@apetresc can you please try once more but with a tagged version of the module? I've noticed otherwise that the chosen version isn't always the latest. Please try with the v1.7.5 release and post the result of terraform apply.


apetresc commented on July 26, 2024

Okay, so I changed the source line to:

source = "git::https://github.com/coreos/terraform-aws-kubernetes.git?ref=1.7.5-tectonic.1"

flushed out .terraform/modules, re-did terraform get, and re-did terraform apply. I got a different error this time, although it still appears to be related to the TLS cert:

Error: Error applying plan:

10 error(s) occurred:

* module.kubernetes.module.bootkube.data.template_file.kubeconfig: data.template_file.kubeconfig: failed to render : 4:11: unknown variable accessed: cluster_name
* module.kubernetes.module.kube_certs.tls_cert_request.apiserver: 1 error(s) occurred:

* tls_cert_request.apiserver: unexpected EOF
* module.kubernetes.module.etcd_certs.tls_private_key.etcd_server: 1 error(s) occurred:

* tls_private_key.etcd_server: unexpected EOF
* module.kubernetes.module.kube_certs.local_file.kubelet_crt: Resource 'tls_locally_signed_cert.kubelet' not found for variable 'tls_locally_signed_cert.kubelet.cert_pem'
* module.kubernetes.module.ingress_certs.tls_locally_signed_cert.ingress: Resource 'tls_cert_request.ingress' not found for variable 'tls_cert_request.ingress.cert_request_pem'
* module.kubernetes.module.kube_certs.tls_locally_signed_cert.kubelet: connection is shut down
* module.kubernetes.module.etcd_certs.tls_locally_signed_cert.etcd_client: connection is shut down
* module.kubernetes.module.ingress_certs.tls_cert_request.ingress: connection is shut down
* module.kubernetes.module.identity_certs.tls_locally_signed_cert.identity_server: connection is shut down
* module.kubernetes.module.identity_certs.tls_locally_signed_cert.identity_client: connection is shut down

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Am I doing something wrong this time? I was still using the exact same config from above.


aknuds1 commented on July 26, 2024

I'm having the same error if I disable tectonic_aws_private_endpoints, while tectonic_aws_public_endpoints is enabled. Using the latest Tectonic Installer from GitHub and terraform v0.10.8.


s-urbaniak commented on July 26, 2024

found the root cause of the issue:

https://github.com/coreos/tectonic-installer/blob/fe127b8/platforms/aws/tectonic.tf#L12 and https://github.com/coreos/tectonic-installer/blob/fe127b8/platforms/aws/tectonic.tf#L31 reference module.dns.api_internal_fqdn and module.dns.ingress_internal_fqdn, but these are not generated if tectonic_aws_private_endpoints = false (which disables internal DNS zones).

We need to have ternaries here which reference the external FQDNs if the internal zone is disabled:

diff --git a/platforms/aws/tectonic.tf b/platforms/aws/tectonic.tf
index 2973e07a..239f3ed3 100644
--- a/platforms/aws/tectonic.tf
+++ b/platforms/aws/tectonic.tf
@@ -9,7 +9,7 @@ module "kube_certs" {
   ca_cert_pem        = "${var.tectonic_ca_cert}"
   ca_key_alg         = "${var.tectonic_ca_key_alg}"
   ca_key_pem         = "${var.tectonic_ca_key}"
-  kube_apiserver_url = "https://${module.dns.api_internal_fqdn}:443"
+  kube_apiserver_url = "https://${var.tectonic_aws_private_endpoints ? module.dns.api_internal_fqdn : module.dns.api_external_fqdn}:443"
   service_cidr       = "${var.tectonic_service_cidr}"
   validity_period    = "${var.tectonic_tls_validity_period}"
 }
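
Review bot: The new kube_apiserver_url line still names module.dns.api_internal_fqdn in the branch that is not selected, and with the Terraform 0.10.x reported in this thread both sides of a conditional are evaluated. The apply can therefore still fail when tectonic_aws_private_endpoints = false unless module.dns keeps that output defined (for example as an empty string) when the internal zone is disabled. Please confirm with a plan run that has private endpoints off, or move the choice into module.dns so callers read a single output.
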
@@ -28,7 +28,7 @@ module "etcd_certs" {
 module "ingress_certs" {
   source = "../../modules/tls/ingress/self-signed"
 
-  base_address    = "${module.dns.ingress_internal_fqdn}"
+  base_address    = "${var.tectonic_aws_private_endpoints ? module.dns.ingress_internal_fqdn : module.dns.ingress_external_fqdn}"
   ca_cert_pem     = "${module.kube_certs.ca_cert_pem}"
   ca_key_alg      = "${module.kube_certs.ca_key_alg}"
   ca_key_pem      = "${module.kube_certs.ca_key_pem}"
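
Review bot: The base_address fallback to module.dns.ingress_external_fqdn assumes the external zone exists whenever tectonic_aws_private_endpoints is false, and nothing in this hunk checks tectonic_aws_public_endpoints. With both settings disabled this reference would hit the same missing-output problem for the ingress certificate. The condition is also repeated verbatim from the kube_certs change, so the two can drift apart; consider computing the effective FQDN once and documenting that at least one endpoint type must be enabled.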

I will set up a PR for this one. Thanks for reporting this issue!


apetresc commented on July 26, 2024

Perfect. Thank you so much :)


squat commented on July 26, 2024

1.7.9+tectonic.2 is out. Closing this :)
