# k3s
b
Hi! It looks like the Flannel Community Meeting doc is private? I was hoping to attend the meeting this week but the teams link is in that doc.
It says Flannel maintainers are likely in this channel 😄
c
cc @bland-account-99790
Most of the flannel maintainers are EU based
b
ahhh. good to know! Thank you!
b
oh, really? let me check that
Oh, NVIDIA created that document and they changed something in their policy. Not everyone can read the document now
@plain-byte-79620 @full-afternoon-93056 I think we should create a new document
@bland-insurance-68816 anything specific you wanted to discuss? In the last months, nobody was joining the meeting 😞
p
I thought I recreated it when I changed the meeting to Meet from Teams.
b
maybe you forgot to update the README?
p
nope I updated it.
just we didn't create a new one
b
I think we need a new one. The owner of the document is rajatc@nvidia.com
b
Hey!
I just wanted to discuss my PR, which was merged. So I'm happy as a clam. Thank you.
Y'all restored my faith in OSS, since so many PRs just languish 😄
I'm doing split CNI and I'll probably regret it
b
@bland-insurance-68816 what do you mean by split CNI?
b
well, my coworker is now saying this is bad. We use multicloud and we want to run flannel for the non-aws side of the network and aws-vpc-cni for the aws side
I got it working but it just smells wrong to me 😞
so we will likely split the cluster into two: one eks side with all the aws ecosystem and one side very light and just k3s with in-built flannel
I literally just got everything working when he said "let's break this into two clusters" so now I have to restart the whole thing 😞
c
Yeahhh I am not aware of anyone that has successfully run clusters with different CNIs for different subsets of nodes. You’re going to be essentially split-braining your cluster and at that point… why not just make two clusters.
I guess it might work as long as pods on either side of the split never needed to communicate, but why?
b
They never do really. The non-aws side is just gpu training
the goal was to get all the AWS goodness and still be able to use non-aws nodes too
While it is possible, it definitely appears to be a mess
Lesson learned.
Is there a way to get AWS auth in K3s the way we get it in EKS?
(i.e., I can use my AWS access to access the cluster, not IRSA)
c
Yes, I think there’s some way to do it by setting --oidc-* flags on the apiserver so that it trusts the token generated by AWS, but the documentation for doing so is poor because AWS doesn’t really care about anyone who’s not using EKS.
maybe they’ve improved it, I haven’t tried in a while
looks like they’re recommending use of aws private ca instead of tokens now
this looks way more complicated though