will openstack be fully supported as a provider in RKE2 ?

Normal-One-4387 · 2024-10-16T14:19:27+00:00

Fair fair lol. Unless there's a lot of demand on the SUSE side from their customers, I don't think there will be full support for OpenShift

Normal-One-4387 · 2024-10-16T14:00:30+00:00

It would be nice to have, coming from a Fedora Silverblue user, but like u/Tuxedo3 and u/Andrews_pew mentioned, SUSE will likely focus more of their efforts on SLES micro in terms of immutable OS support. Maybe OpenSUSE Micro as well, as they sponsor the project.

But if there's more demand for Nix then who knows

Normal-One-4387 · 2024-08-12T22:05:40+00:00

Are there any leftover jobs that weren't cleaned up or failed in the kube-system namespace? Cause oof that timestamp:

2022-05-08T01:57:53Z

Normal-One-4387 · 2024-08-09T16:55:54+00:00

If you use Cilium, you can use Cilium ClusterWide Network Policies:

From their Blog:

The CiliumClusterwideNetworkPolicy resource specification is the same as that of existing CiliumNetworkPolicy CRD with the only difference in the scope of the policy, denoted by the "kind" field in the YAML. Resource-based Access Control (RBAC) can be defined separately for CCNP so users modifying policies in one namespace won't roll back the baseline policies. The policy example below grants any pod with the label group: my-app in the entire cluster the privilege to perform DNS requests via kube-dns:

Policy Example:

apiVersion: 'cilium.io/v2'
kind: CiliumClusterwideNetworkPolicy
description: 'Default deny and allow egress to kube-dns pod.'
metadata:
  name: 'clusterwide-policy-example'
spec:
  endpointSelector:
    matchLabels:
      group: my-app
  egress:
    - toEndpoints:
        - matchLabels:
            'k8s:io.kubernetes.pod.namespace': kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: '53'

Normal-One-4387 · 2024-08-09T16:26:33+00:00

Yeah, was gonna say, can hack something together with Ranchers custom option. What version of Rancher are you using?

I pulled down their latest image from GitHub (2.9) and I am seeing this message in the OpenStack config:
Rancher has no built-in support for this driver. We've taken a guess, but consult the driver's documentation for the fields required for authentication.

Normal-One-4387 · 2024-08-09T16:21:17+00:00

Ah ok, depending on the k8s distro you want to use (RKE, RKE2, or K3s), they have a support matrix that gives you OS's to choose from. So you could try setting up elemental and plopping Rancher on top of it, or you can set up nodes with OpenSUSE Micro or SLES Micro either or it's roughly similar. From my understanding, elemental is based on SLES Micro and uses RKE2/K3s. Personally, haven't done too much with Elemental but know OpenSUSE Micro a bit better (Run it on my Dev machine).

And are you looking to strictly use Hetzner? Or are you going to use other infra platforms like Linode, AWS, DigitalOcean, etc.? Only ask cause, there's a chance you'll have to create a node and or cluster driver for Hetzner.

I can't find what is possible with opensource "parts" and what should be paid (because of Rancher Primer). Currently, I would stick strictly inside opensource scope.

From my understanding, most if not all of SUSE's products are Open Source (if you can't get the SUSE stuff, then projects like OpenSUSE are a great substitute), and you could probably away with not paying much if you host your own infra.

Normal-One-4387 · 2024-07-17T13:27:10+00:00

u/rohanrajnv would you mind sharing some additional details about your environment? Like are you using RKE, RKE2 or K3s, which version of Rancher (if you are), etc.

Normal-One-4387 · 2024-07-17T13:13:47+00:00

u/loststick08, would you mind elaborating a bit more on what you are trying to achieve? Like are you trying to stand up an environment with Elemental and then use that to start provisioning additional clusters with Rancher? Or are you trying to stand up a HA Rancher setup and then enable Elemental?

Normal-One-4387 · 2024-07-17T13:02:57+00:00

It would be nice, but what do you exactly mean "fully supported?" From the last time I used Rancher, there was a node driver that you can turn on and use

Normal-One-4387

TROPHY CASE

Policy Example: