From 291107e4c912a3ae431f9f250c24a0114b0d2664 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sun, 29 Oct 2023 16:11:04 -0700
Subject: [PATCH] Workaround problems in Cilium v1.14 partial kube-proxy replacement
* With Cilium v1.14, Cilium's kube-proxy partial mode changed to either be enabled or disabled (not partial). This somtimes leaves Cilium (and the host) unable to reach the kube-apiserver via the in-cluster Kubernetes Service IP, until the host is rebooted
* As a workaround, configure Cilium to rely on external DNS resolvers to find the IP address of the apiserver. This is less portable and less "clean" than using in-cluster discovery, but also what Cilium wants users to do. Revert this when the upstream issue https://github.com/cilium/cilium/issues/27982 is resolved
---
 CHANGES.md | 1 +
 aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 11 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 0ff4c82d..3c4dd780 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,6 +7,7 @@ Notable changes between versions.
 ## v1.28.3
 * Kubernetes [v1.28.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md#v1283)
+* Workaround problems in Cilium v1.14's partial `kube-proxy` implementation ([#365](https://github.com/poseidon/terraform-render-bootstrap/pull/365))
 ## v1.28.2
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index 1bd9cdda..52d0179a 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index 1bd9cdda..52d0179a 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index 688a7f1c..e94381b5 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index 688a7f1c..e94381b5 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 506f0dd9..b6ee7aaf 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index 02545ed9..89f421ba 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index c9b2c59a..1f7f5ac0 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index c9b2c59a..1f7f5ac0 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
index b03ce99f..31b0e87c 100644
--- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
+++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
index b03ce99f..31b0e87c 100644
--- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ae571974b0b7a7fcd93c12f635fb8f2d6808ac51"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=720adbeb43a8b2860bf92544600f1fd4f0d2a907"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]