History

Dalton Hubble bbbaf949f9 Fix UDP outbound and clock sync timeouts on Azure workers * Add "lb" outbound rule for worker TCP _and_ UDP traffic * Fix Azure worker nodes clock synchronization being inactive due to timeouts reaching the CoreOS / Flatcar NTP pool * Fix Azure worker nodes not providing outbount UDP connectivity Background: Azure provides VMs outbound connectivity either by having a public IP or via an SNAT masquerade feature bundled with their virtual load balancing abstraction (in contrast with, say, a NAT gateway). Azure worker nodes have only a private IP, but are associated with the cluster load balancer's backend pool and ingress frontend IP. Outbound traffic uses SNAT with this frontend IP. A subtle detail with Azure SNAT seems to be that since both inbound lb_rule's are TCP only, outbound UDP traffic isn't SNAT'd (highlights the reasons Azure shouldn't have conflated inbound load balancing with outbound SNAT concepts). However, adding a separate outbound rule and disabling outbound SNAT on our ingress lb_rule's we can tell Azure to continue load balancing as before, and support outbound SNAT for worker traffic of both the TCP and UDP protocol. Fixes clock synchronization timeouts: ``` systemd-timesyncd[786]: Timed out waiting for reply from 45.79.36.123:123 (3.flatcar.pool.ntp.org) ``` Azure controller nodes have their own public IP, so controllers (and etcd) nodes have not had clock synchronization or outbound UDP issues		2020-03-31 21:00:16 -07:00
..
cl	Fix bootstrap regression when networking="flannel"	2020-03-31 18:21:59 -07:00
workers	Rename Container Linux snippets variable for consistency	2020-03-31 18:25:51 -07:00
LICENSE	Add new tutorial docs and links	2018-08-27 23:30:32 -07:00
README.md	Update docs from Kubernetes v1.17.4 to v1.18.0	2020-03-25 20:28:30 -07:00
bootstrap.tf	Update flannel from v0.11.0 to v0.12.0	2020-03-31 18:31:59 -07:00
controllers.tf	Rename Container Linux snippets variable for consistency	2020-03-31 18:25:51 -07:00
lb.tf	Fix UDP outbound and clock sync timeouts on Azure workers	2020-03-31 21:00:16 -07:00
network.tf	Upgrade terraform-provider-azurerm to v2.0+	2020-03-08 17:40:13 -07:00
outputs.tf	Output resource_group_id in Azure (#577 )	2019-10-31 01:05:04 -07:00
security.tf	Enable kube-proxy metrics and allow Prometheus scrapes	2020-01-06 21:11:18 -08:00
ssh.tf	Upgrade terraform-provider-azurerm to v2.0+	2020-03-08 17:40:13 -07:00
variables.tf	Rename Container Linux snippets variable for consistency	2020-03-31 18:25:51 -07:00
versions.tf	Upgrade terraform-provider-azurerm to v2.0+	2020-03-08 17:40:13 -07:00
workers.tf	Rename Container Linux snippets variable for consistency	2020-03-31 18:25:51 -07:00

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

Minimal, stable base Kubernetes distribution
Declarative infrastructure and configuration
Free (freedom and cost) and privacy-respecting
Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Kubernetes v1.18.0 (upstream)
Single or multi-master, Calico or flannel networking
On-cluster etcd with TLS, RBAC-enabled, network policy
Advanced features like worker pools, low-priority workers, and snippets customization
Ready for Ingress, Prometheus, Grafana, and other optional addons

Docs

Please see the official docs and the Azure tutorial.