Lately, cloud nodes seem to be failing to come up more frequently. I traced this down to the fact that `/etc/resolv.conf` in the `kube-proxy` container contains both the AWS-provided DNS server and the on-premises server set by Wireguard. This evidently "works" correctly sometimes, but not always. When it doesn't, the `kube-proxy` cannot resolve the Kubernetes API server address, and thus cannot create the necessary netfilter rules to forward traffic correctly. This causes pods to be unable to communicate. I am not entirely sure what the "correct" solution to this problem would be, since there are various issues in play here. Fortunately, cloud nodes are only ever around for a short time, and never need to be rebooted. As such, we can use a "quick fix" and simply remove the AWS-provided DNS configuration.
Files in this repository:

- .gitattributes
- .gitignore
- .terraform.lock.hcl
- README.md
- asg.tf
- eventbridge.tf
- iam-policy.json
- main.tf
- sns.tf
- terraform.tfstate
- userdata.yml
- variables.tf
README.md

# Configuring AWS Using Terraform

## Prerequisites

The IAM user or role that runs Terraform must have the appropriate permissions. The `iam-policy.json` file defines a policy that allows Terraform to manage all of the necessary resources. Before running Terraform, create an IAM policy from it and assign that policy to a user, group, or role. Be sure to replace the AWS account ID in the various target resource names.

To use an IAM role, set the `iam_role` Terraform variable when executing `terraform plan`/`terraform apply`.

## Create Resources

Terraform will create all resources automatically:

```
terraform apply
```
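The steps above leave one manual, error-prone edit: stamping the right account ID into every ARN in `iam-policy.json` before the policy is created. The POSIX shell helper below is an added example, not code from this repository. It assumes (my assumptions, not the README's) that the checked-in policy carries the placeholder account ID `123456789012` in its ARNs, that the policy is to be named `TerraformCloudNodes`, and that the AWS CLI v2 and `terraform` are on `PATH` when the `live_*` functions are called. The sample policy it writes is constructed for the example so the rewrite can be exercised offline; the real file's statements will differ.

```shell
# Added example: prepare iam-policy.json for a target account, verify nothing
# was missed, then (with credentials) attach the policy and run Terraform.

PLACEHOLDER_ACCOUNT_ID="123456789012"   # assumed placeholder in the repo's policy

# Write a constructed sample policy to $1 so the helper can be tried offline.
# The three ARNs deliberately cover a regional service, a global (empty-region)
# IAM ARN, and a resource name that follows the account-ID field.
write_sample_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["autoscaling:*"],
      "Resource": "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:*:autoScalingGroupName/cloud-nodes"
    },
    {
      "Effect": "Allow",
      "Action": ["sns:Publish"],
      "Resource": "arn:aws:sns:us-east-1:123456789012:cloud-node-events"
    },
    {
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": "arn:aws:iam::123456789012:role/cloud-node-instance"
    }
  ]
}
EOF
}

# Reject anything that is not a 12-digit AWS account ID, so a typo cannot
# silently produce ARNs that point at a different account.
valid_account_id() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{12}$'
}

# Rewrite the account-ID field of every ARN in $1 from the placeholder to $2,
# writing the result to $3. Only the fifth colon-separated ARN field is
# matched, so a resource name that happens to contain the same digits is left
# alone. The region field may be empty, which covers IAM ARNs (arn:aws:iam::ID:).
rewrite_account_id() {
  src="$1"; new_id="$2"; dst="$3"
  valid_account_id "$new_id" || { echo "bad account id: $new_id" >&2; return 1; }
  sed "s/\(arn:aws:[a-z0-9-]*:[a-z0-9-]*:\)${PLACEHOLDER_ACCOUNT_ID}:/\1${new_id}:/g" "$src" > "$dst"
}

# Count ARNs in $1 whose account-ID field is $2. A non-zero count for the
# placeholder after rewriting means an ARN was missed.
count_account_refs() {
  grep -o "arn:aws:[a-z0-9-]*:[a-z0-9-]*:$2:" "$1" | wc -l | tr -d ' '
}

# Live step (needs AWS credentials): create the policy from the rewritten file
# and attach it to the role in $2. Policy name is an assumption for this example.
live_create_and_attach_policy() {
  policy_file="$1"; role_name="$2"
  policy_arn=$(aws iam create-policy \
    --policy-name TerraformCloudNodes \
    --policy-document "file://${policy_file}" \
    --query 'Policy.Arn' --output text)
  aws iam attach-role-policy --role-name "$role_name" --policy-arn "$policy_arn"
}

# Live step: plan to a saved file, then apply exactly that plan, passing the
# role ARN through the iam_role variable the README mentions.
live_terraform_apply() {
  terraform init
  terraform plan -var="iam_role=$1" -out=tfplan
  terraform apply tfplan
}
```

Typical use is `rewrite_account_id iam-policy.json 111122223333 iam-policy.rendered.json`, then `count_account_refs iam-policy.rendered.json 123456789012` should print `0` before anything is created in the account.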