mirror of https://github.com/puppetmaster/typhoon.git synced 2025-02-24 02:01:28 +01:00

History

Dalton Hubble bbbaf949f9 Fix UDP outbound and clock sync timeouts on Azure workers

* Add "lb" outbound rule for worker TCP _and_ UDP traffic
* Fix Azure worker nodes clock synchronization being inactive
due to timeouts reaching the CoreOS / Flatcar NTP pool
* Fix Azure worker nodes not providing outbount UDP connectivity

Background:

Azure provides VMs outbound connectivity either by having a public
IP or via an SNAT masquerade feature bundled with their virtual
load balancing abstraction (in contrast with, say, a NAT gateway).

Azure worker nodes have only a private IP, but are associated with
the cluster load balancer's backend pool and ingress frontend IP.
Outbound traffic uses SNAT with this frontend IP. A subtle detail
with Azure SNAT seems to be that since both inbound lb_rule's are
TCP only, outbound UDP traffic isn't SNAT'd (highlights the reasons
Azure shouldn't have conflated inbound load balancing with outbound
SNAT concepts). However, adding a separate outbound rule and
disabling outbound SNAT on our ingress lb_rule's we can tell Azure
to continue load balancing as before, and support outbound SNAT for
worker traffic of both the TCP and UDP protocol.

Fixes clock synchronization timeouts:

```
systemd-timesyncd[786]: Timed out waiting for reply from
45.79.36.123:123 (3.flatcar.pool.ntp.org)
```

Azure controller nodes have their own public IP, so controllers (and
etcd) nodes have not had clock synchronization or outbound UDP issues

2020-03-31 21:00:16 -07:00

Fix bootstrap regression when networking="flannel"

2020-03-31 18:21:59 -07:00

workers

Rename Container Linux snippets variable for consistency

2020-03-31 18:25:51 -07:00

bootstrap.tf

Update flannel from v0.11.0 to v0.12.0

2020-03-31 18:31:59 -07:00

controllers.tf

Rename Container Linux snippets variable for consistency

2020-03-31 18:25:51 -07:00

lb.tf

Fix UDP outbound and clock sync timeouts on Azure workers

2020-03-31 21:00:16 -07:00

LICENSE

Add new tutorial docs and links

2018-08-27 23:30:32 -07:00

network.tf

Upgrade terraform-provider-azurerm to v2.0+

2020-03-08 17:40:13 -07:00

outputs.tf

Output resource_group_id in Azure (#577 )

2019-10-31 01:05:04 -07:00

README.md

Update docs from Kubernetes v1.17.4 to v1.18.0

2020-03-25 20:28:30 -07:00

security.tf

Enable kube-proxy metrics and allow Prometheus scrapes

2020-01-06 21:11:18 -08:00

ssh.tf

Upgrade terraform-provider-azurerm to v2.0+

2020-03-08 17:40:13 -07:00

variables.tf

Rename Container Linux snippets variable for consistency

2020-03-31 18:25:51 -07:00

versions.tf

Upgrade terraform-provider-azurerm to v2.0+

2020-03-08 17:40:13 -07:00

workers.tf

Rename Container Linux snippets variable for consistency

2020-03-31 18:25:51 -07:00

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

Minimal, stable base Kubernetes distribution
Declarative infrastructure and configuration
Free (freedom and cost) and privacy-respecting
Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Kubernetes v1.18.0 (upstream)
Single or multi-master, Calico or flannel networking
On-cluster etcd with TLS, RBAC-enabled, network policy
Advanced features like worker pools, low-priority workers, and snippets customization
Ready for Ingress, Prometheus, Grafana, and other optional addons

Docs

Please see the official docs and the Azure tutorial.