# rke2

adamant-kite-43734

02/02/2023, 6:29 PM
This message was deleted.

creamy-pencil-82913

02/02/2023, 6:38 PM
the static pods are managed by RKE2. There is no way to inject additional containers into the control-plane static pods.
you could edit them on disk but they will be regenerated whenever rke2 starts
what specifically are you trying to do with your sidecar?

broad-petabyte-50341

02/02/2023, 6:41 PM
I have a reverse proxy that I'm trying to put right next to the kube-apiserver to allow me to use kubectl with all ports closed.
so a reverse proxy client
so the only way to make this happen would be to do it before start up?

creamy-pencil-82913

02/02/2023, 6:43 PM
I mean you could edit the static pods but that is 1) not supported 2) going to be undone every time you restart rke2
other things running on the node do need the apiserver to actually be accessible, if you lock it down somehow other stuff in the cluster is going to break
why not just deploy your reverse proxy thing as a pod in the cluster that connects to the in-cluster apiserver endpoint? Why would it need to be a sidecar?
Making the apiserver inaccessible is going to break pretty much everything

broad-petabyte-50341

02/02/2023, 6:45 PM
it would still be internally accessible, would just be closing off anything from outside the cluster

creamy-pencil-82913

02/02/2023, 6:45 PM
ok so just run it as a pod and leave the apiserver alone
if it’s still accessible internally then I don’t understand why it needs to be a sidecar

broad-petabyte-50341

02/02/2023, 6:47 PM
that does work, and that's what I've got going at the moment, but I'd like to hit the kube-apiserver without using kubedns

creamy-pencil-82913

02/02/2023, 6:48 PM
the apiserver is always at the first address in the service IP range, you could rely on that fact, or use the KUBERNETES_SERVICE_HOST environment variable via downwards API… there are a lot of different ways to do what you want without having to hack at the static pod
why don’t you want to use dns?

broad-petabyte-50341

02/02/2023, 6:50 PM
KUBERNETES_SERVICE_HOST would allow me to specify directly where to send traffic from my pod?

creamy-pencil-82913

02/02/2023, 6:51 PM
just run env in a pod, look at what you see

broad-petabyte-50341

02/02/2023, 6:51 PM
the problem isn't necessarily DNS, more just getting traffic directly to its destination in as few steps as possible
that's the address of kubeDNS right?
in KUBERNETES_SERVICE_HOST

creamy-pencil-82913

02/02/2023, 6:52 PM
no, that’s the address of the Kubernetes service

broad-petabyte-50341

02/02/2023, 6:53 PM
mmmm right right
ok