How to use this code with private endpoints #43

Open
rhegde2 opened this issue Jul 12, 2023 · 4 comments

rhegde2 commented Jul 12, 2023

Hi,
We tried to deploy it against an OKE running on a private endpoint. We can't create a public endpoint because of our company policies.

So the Resource Manager stack is failing with the error below:

Error: Kubernetes cluster unreachable: Get "https://<PRIVATE_IP>:6443/version": dial tcp <PRIVATE_IP>:6443: i/o timeout

We tried creating a reachable IP, with no luck.

Kindly suggest.

@santhoshkvuda
Member

The private endpoint support for installation through Resource Manager is not yet available; it would come in upcoming releases. You may try using the Helm chart-based installation as an alternative.

@rhegde2
Author

rhegde2 commented Jul 13, 2023

Hi @santhoshkvuda, thanks a lot for your input.

Any tentative date for the upcoming release?

@consiahras

One more thing to add is that even if you create an oci_resourcemanager_private_endpoint and then use it in your Helm configuration, for example like:

resource "oci_resourcemanager_private_endpoint" "rms_pe" {
  compartment_id = var.compartment_ocid
  display_name   = var.display_name
  description    = var.description
  vcn_id         = var.vcn_id
  subnet_id      = var.subnet_id
}

And then get the Reachable IP from the datasource

data "oci_resourcemanager_private_endpoint_reachable_ip" "rms_pe_reachable_ip_address" {
  private_endpoint_id = oci_resourcemanager_private_endpoint.rms_pe.id
  private_ip          = "<OKE_API_endpoint>"
}
provider "helm" {
  kubernetes {
    host                   = "https://${data.oci_resourcemanager_private_endpoint_reachable_ip.rms_pe_reachable_ip_address.ip_address}:6443"
    cluster_ca_certificate = local.cluster_ca_certificate
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      args        = ["ce", "cluster", "generate-token", "--cluster-id", local.cluster_id, "--region", local.cluster_region]
      command     = "oci"
    }
  }
}

You are able to reach out to the cluster, but the OKE is still unreachable with the error:

Error: Kubernetes cluster unreachable: Get "https://<REACHABLE_IP>:6443/version": x509: certificate is valid for ...... 168.254.5.1, 127.0.0.1, not <REACHABLE_IP>

@Tyson1986

I believe this article describes the fix
https://docs.oracle.com/en/learn/logging-for-private-oke-cluster/index.html
It didn't work for me, but I believe it is my Private Endpoint setup issues. In general, it seems to be the fix for your problem.
