From 915af3c6cc3ea735aee20f977041d97547ba2b02 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Mon, 19 Nov 2018 22:45:02 -0800
Subject: [PATCH] Fix Calico Felix reporting usage data, require opt-in
* Calico Felix has been reporting anonymous usage data about the version and cluster size, which violates Typhoon's privacy policy where analytics should be opt-in only
* Add a variable enable_reporting (default: false) to allow opting in to reporting usage data to Calico (or future components)
---
 CHANGES.md | 2 ++
 aws/container-linux/kubernetes/bootkube.tf | 3 ++-
 aws/container-linux/kubernetes/variables.tf | 6 ++++++
 aws/fedora-atomic/kubernetes/bootkube.tf | 3 ++-
 aws/fedora-atomic/kubernetes/variables.tf | 6 ++++++
 azure/container-linux/kubernetes/bootkube.tf | 3 ++-
 azure/container-linux/kubernetes/variables.tf | 6 ++++++
 bare-metal/container-linux/kubernetes/bootkube.tf | 3 ++-
 bare-metal/container-linux/kubernetes/variables.tf | 6 ++++++
 bare-metal/fedora-atomic/kubernetes/bootkube.tf | 3 ++-
 bare-metal/fedora-atomic/kubernetes/variables.tf | 6 ++++++
 digital-ocean/container-linux/kubernetes/bootkube.tf | 3 ++-
 digital-ocean/container-linux/kubernetes/variables.tf | 6 ++++++
 digital-ocean/fedora-atomic/kubernetes/bootkube.tf | 3 ++-
 digital-ocean/fedora-atomic/kubernetes/variables.tf | 6 ++++++
 google-cloud/container-linux/kubernetes/bootkube.tf | 3 ++-
 google-cloud/container-linux/kubernetes/variables.tf | 6 ++++++
 google-cloud/fedora-atomic/kubernetes/bootkube.tf | 3 ++-
 google-cloud/fedora-atomic/kubernetes/variables.tf | 6 ++++++
 19 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index c8dbe134..ff7b8d92 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -6,11 +6,13 @@ Notable changes between versions.
 * Change kube-apiserver `--kubelet-preferred-address-types` to InternalIP,ExternalIP,Hostname
 * Update Calico from v3.3.0 to [v3.3.1](https://docs.projectcalico.org/v3.3/releases/)
+ * Disable Felix usage reporting by default ([#345](https://github.com/poseidon/typhoon/pull/345))
 * Improve flannel manifests
 * [Rename](https://github.com/poseidon/terraform-render-bootkube/commit/d045a8e6b8eccfbb9d69bb51953b5a93d23f67f7) `kube-flannel` DaemonSet to `flannel` and `kube-flannel-cfg` ConfigMap to `flannel-config`
 * [Drop](https://github.com/poseidon/terraform-render-bootkube/commit/39f9afb3360ec642e5b98457c8bd07eda35b6c96) unused mounts and add a CPU resource request
 * Update CoreDNS from v1.2.4 to [v1.2.6](https://coredns.io/2018/11/05/coredns-1.2.6-release/)
 * Enable CoreDNS `loop` and `loadbalance` plugins ([#340](https://github.com/poseidon/typhoon/pull/340))
+* Add `enable_reporting` variable (default "false") to provide upstreams with usage data ([#345](https://github.com/poseidon/typhoon/pull/345))
 * Use kubernetes-incubator/bootkube v0.14.0
 #### Azure
diff --git a/aws/container-linux/kubernetes/bootkube.tf b/aws/container-linux/kubernetes/bootkube.tf
index 071d0419..30102928 100644
--- a/aws/container-linux/kubernetes/bootkube.tf
+++ b/aws/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
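Review bot: The opt-out this commit promises cannot be verified from the patch, because the new `source` line in aws/container-linux/kubernetes/bootkube.tf only moves the terraform-render-bootkube pin to another commit; the same change repeats in the other nine bootkube.tf files. Pinning to a full commit hash keeps the module content fixed, but a reviewer still has to diff the module between the two refs to confirm that the rendered Calico manifest now takes Felix's usage-reporting setting (presumably `FELIX_USAGEREPORTINGENABLED`) from `enable_reporting`. I would add a comment above the pin such as `# This ref renders Calico with Felix usage reporting controlled by enable_reporting (default off)`. Since these are bootstrap assets, clusters already created from the old ref probably keep reporting until their calico-node configuration is changed, which deserves a line in CHANGES.md. The module block continues outside this hunk.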
@@ -11,4 +11,5 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 }
diff --git a/aws/container-linux/kubernetes/variables.tf b/aws/container-linux/kubernetes/variables.tf
index 73db5c70..8ccfdd43 100644
--- a/aws/container-linux/kubernetes/variables.tf
+++ b/aws/container-linux/kubernetes/variables.tf
@@ -134,3 +134,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/aws/fedora-atomic/kubernetes/bootkube.tf b/aws/fedora-atomic/kubernetes/bootkube.tf
index ffccb8f6..792f47eb 100644
--- a/aws/fedora-atomic/kubernetes/bootkube.tf
+++ b/aws/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -11,6 +11,7 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 # Fedora
 trusted_certs_dir = "/etc/pki/tls/certs"
diff --git a/aws/fedora-atomic/kubernetes/variables.tf b/aws/fedora-atomic/kubernetes/variables.tf
index 897ab3f8..995bee79 100644
--- a/aws/fedora-atomic/kubernetes/variables.tf
+++ b/aws/fedora-atomic/kubernetes/variables.tf
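Review bot: The new `enable_reporting` variable in aws/container-linux/kubernetes/variables.tf is a free-form string whose description does not say which values are accepted, so inputs such as `"True"`, `"yes"` or `"1"` are handed to the bootkube module unchecked; how the module treats them is not visible in this patch. For a privacy switch the accepted values should be spelled out, for example `description = "Enable usage or analytics reporting to upstreams (Calico). Must be \"true\" or \"false\"; the default keeps reporting off"`. The same wording applies to the other nine variables.tf hunks in this patch.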
@@ -116,3 +116,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/azure/container-linux/kubernetes/bootkube.tf b/azure/container-linux/kubernetes/bootkube.tf
index 1dc1368e..d8f77c51 100644
--- a/azure/container-linux/kubernetes/bootkube.tf
+++ b/azure/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -10,4 +10,5 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 }
diff --git a/azure/container-linux/kubernetes/variables.tf b/azure/container-linux/kubernetes/variables.tf
index 5fdd4466..d55e4bc8 100644
--- a/azure/container-linux/kubernetes/variables.tf
+++ b/azure/container-linux/kubernetes/variables.tf
@@ -115,3 +115,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/bare-metal/container-linux/kubernetes/bootkube.tf b/bare-metal/container-linux/kubernetes/bootkube.tf
index e254ce49..cf454df0 100644
--- a/bare-metal/container-linux/kubernetes/bootkube.tf
+++ b/bare-metal/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${var.k8s_domain_name}"]
@@ -12,4 +12,5 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 }
diff --git a/bare-metal/container-linux/kubernetes/variables.tf b/bare-metal/container-linux/kubernetes/variables.tf
index c44b9066..da09eeee 100644
--- a/bare-metal/container-linux/kubernetes/variables.tf
+++ b/bare-metal/container-linux/kubernetes/variables.tf
@@ -141,3 +141,9 @@ variable "kernel_args" {
 type = "list"
 default = []
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/bare-metal/fedora-atomic/kubernetes/bootkube.tf b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
index ec6411bc..8fb4a3fb 100644
--- a/bare-metal/fedora-atomic/kubernetes/bootkube.tf
+++ b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${var.k8s_domain_name}"]
@@ -11,6 +11,7 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 # Fedora
 trusted_certs_dir = "/etc/pki/tls/certs"
diff --git a/bare-metal/fedora-atomic/kubernetes/variables.tf b/bare-metal/fedora-atomic/kubernetes/variables.tf
index ca375285..141bddef 100644
--- a/bare-metal/fedora-atomic/kubernetes/variables.tf
+++ b/bare-metal/fedora-atomic/kubernetes/variables.tf
@@ -110,3 +110,9 @@ variable "kernel_args" {
 type = "list"
 default = []
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/digital-ocean/container-linux/kubernetes/bootkube.tf b/digital-ocean/container-linux/kubernetes/bootkube.tf
index e78abf06..ef867c56 100644
--- a/digital-ocean/container-linux/kubernetes/bootkube.tf
+++ b/digital-ocean/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -11,4 +11,5 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 }
diff --git a/digital-ocean/container-linux/kubernetes/variables.tf b/digital-ocean/container-linux/kubernetes/variables.tf
index a374509b..535797e6 100644
--- a/digital-ocean/container-linux/kubernetes/variables.tf
+++ b/digital-ocean/container-linux/kubernetes/variables.tf
@@ -92,3 +92,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
index f14921bb..37ffb6e7 100644
--- a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -11,6 +11,7 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 # Fedora
 trusted_certs_dir = "/etc/pki/tls/certs"
diff --git a/digital-ocean/fedora-atomic/kubernetes/variables.tf b/digital-ocean/fedora-atomic/kubernetes/variables.tf
index 2a2a7ecb..accbb096 100644
--- a/digital-ocean/fedora-atomic/kubernetes/variables.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/variables.tf
@@ -85,3 +85,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/google-cloud/container-linux/kubernetes/bootkube.tf b/google-cloud/container-linux/kubernetes/bootkube.tf
index e200f768..bc677a34 100644
--- a/google-cloud/container-linux/kubernetes/bootkube.tf
+++ b/google-cloud/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -11,6 +11,7 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 // temporary
 apiserver_port = 443
diff --git a/google-cloud/container-linux/kubernetes/variables.tf b/google-cloud/container-linux/kubernetes/variables.tf
index 381087a4..61d1cdf4 100644
--- a/google-cloud/container-linux/kubernetes/variables.tf
+++ b/google-cloud/container-linux/kubernetes/variables.tf
@@ -115,3 +115,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}
diff --git a/google-cloud/fedora-atomic/kubernetes/bootkube.tf b/google-cloud/fedora-atomic/kubernetes/bootkube.tf
index c94eb021..7b350773 100644
--- a/google-cloud/fedora-atomic/kubernetes/bootkube.tf
+++ b/google-cloud/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=3d9f957aecf9c7fb53b9ec07be2ecfa9ea2692f8"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=dbf67da1cbd4c3036e3b551850d3a51b5fc4ee7c"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
@@ -11,6 +11,7 @@ module "bootkube" {
 pod_cidr = "${var.pod_cidr}"
 service_cidr = "${var.service_cidr}"
 cluster_domain_suffix = "${var.cluster_domain_suffix}"
+ enable_reporting = "${var.enable_reporting}"
 # Fedora
 trusted_certs_dir = "/etc/pki/tls/certs"
diff --git a/google-cloud/fedora-atomic/kubernetes/variables.tf b/google-cloud/fedora-atomic/kubernetes/variables.tf
index 60185aa8..4866b1c0 100644
--- a/google-cloud/fedora-atomic/kubernetes/variables.tf
+++ b/google-cloud/fedora-atomic/kubernetes/variables.tf
@@ -102,3 +102,9 @@ variable "cluster_domain_suffix" {
 type = "string"
 default = "cluster.local"
 }
+
+variable "enable_reporting" {
+ type = "string"
+ description = "Enable usage or analytics reporting to upstreams (Calico)"
+ default = "false"
+}