This message was deleted Rancher Users #neuvector-security

Join Slack

This message was deleted.

# neuvector-security

adamant-kite-43734

04/22/2024, 10:37 PM

This message was deleted.

🙏 1

hundreds-evening-84071

04/22/2024, 10:38 PM

Thank you

quaint-candle-18606

04/23/2024, 9:22 PM

didi you make it??? 😄

hundreds-evening-84071

04/23/2024, 9:23 PM

I wish - too many fires to put out

quaint-candle-18606

04/23/2024, 9:23 PM

can relate

hundreds-evening-84071

04/23/2024, 9:23 PM

Does the Rodeo get into details of setting up Federation Master and such ? Or that is too advanced

hundreds-evening-84071

04/23/2024, 9:24 PM

or too much to do in 1 rodeo

quaint-candle-18606

04/23/2024, 9:24 PM

It doesn’t go into that part; just only so much time

✔️ 1

quaint-candle-18606

04/23/2024, 9:24 PM

Because somebody asked about it, we did show it off a little bit in today’s rodeo.

quaint-candle-18606

04/23/2024, 9:25 PM

It’s something that’s been on my to do list for a very long time: make a video about how to do federation. It’s pretty easy, but only after you’ve seen it done once.

hundreds-evening-84071

04/23/2024, 9:27 PM

If I just have this in values.yaml is that enough (for mastersvc) ?

Copy code

controller:
  federation:
    mastersvc:
      type: NodePort

hundreds-evening-84071

04/23/2024, 9:29 PM

I need to just try that and perhaps other mastersvc parameters listed in docs

quaint-candle-18606

04/23/2024, 9:32 PM

they both need to be “turned on”

quaint-candle-18606

04/23/2024, 9:33 PM

a la point #6 here https://open-docs.neuvector.com/deploying/kubernetes/#deploy-neuvector

hundreds-evening-84071

04/23/2024, 9:50 PM

https://media1.giphy.com/media/3ohs7JG6cq7EWesFcQ/200.gif▾

hundreds-evening-84071

04/24/2024, 5:19 PM

I am doing this on-prim so deployed metallb and added IP pool range Have 2 x 3-nodes RKE2 clusters... So one will be Fed-Master and another Fed-Worker On Master NV is running, and added this yaml

Copy code

apiVersion: v1
kind: Service
metadata:
  name: neuvector-service-controller-fed-master
  namespace: cattle-neuvector-system
spec:
  ports:
  - port: 11443
    name: fed
    protocol: TCP
  type: LoadBalancer
  selector:
    app: neuvector-controller-pod

On Worker, same setup as above except added this yaml

Copy code

apiVersion: v1
kind: Service
metadata:
  name: neuvector-service-controller-fed-worker
  namespace: cattle-neuvector-system
spec:
  ports:
  - port: 10443
    name: fed
    protocol: TCP
  type: LoadBalancer
  selector:
    app: neuvector-controller-pod

After deploying above yamls, I see On Fed-Master Loadbalancer IP was added to svc and ports 11443 On Fed-Worker Loadbalancer IP was added to svc and ports 10443 On Master, in the UI - promoted that cluster and generated token On Worker, in the UI - pasted the token and for Controller server added LB IP address I have on Fed-Worker cluster But this results in time out with error:

quaint-candle-18606

04/24/2024, 5:20 PM

That looks to me like your clusters cannot talk to each other via the IPs and service ports.

hundreds-evening-84071

04/24/2024, 5:22 PM

you are correct, when I use nc command to the port from worker it does not connect. But it does locally from same cluster

hundreds-evening-84071

04/24/2024, 5:22 PM

let me do some digging

👍 1

3 Views

Open in Slack

Previous Next