Fix Typhoon CI stage + add support for K8s 1.20 #1147
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Recently the Fedora CoreOS node image used by the Typhoon k8s distro has strengthened their SSH policy to restrict RSA keys from being accepted. This causes the
remote-exec
provisioner in Terraform to fail to connect to such nodes and thus fail to properly provision the cluster. The reason for the failure is that the provisioner is using the crypto facilities built into Go which don't yet support the types of keys required by the new Fedora.Detailed explanation here: poseidon/typhoon#915
To work around this, we switch to using flatcar Linux (an open-source CoreOS derivative) as the base OS image for the clusters.
Also, we have to drop support for Typhoon 1.18 as it doesn't have an option for Flatcar, only container Linux which has been discontinued and no longer working.
The change should be transparent from the point of view of Kubernetes clients.
Acceptance tests
Output from acceptance testing:
Release Note
Release note for CHANGELOG:
References
Community Note