I’ve tested creating an app and provisioning a device to the k8s cluster on DigitalOcean. This works as expected, so that’s another milestone!
I’ve added an nginx ingress to the cluster to handle the different subdomains and added a cert-manager manually. I’ll add this, after some testing, to the repository later on. But my next obstacle is the VPN. I haven’t managed to get it to work. I’ve added a static NodePort to the VPN service (30001) and added it to the LoadBalancer on DigitalOcean. When I go to vpn.mydomain.io, I’m redirected to HTTPS and get a 502 error. I have another server running openBalena on Docker, and that responds with a 503 error (which is probably the same for NGINX as it is for HAProxy). When I go to port 3128 via HTTP, I get a "method not allowed" on both servers, so this seems like it’s working.
When I look into the logs of the device, I get the following output:
Jun 14 09:58:15 20a9eed openvpn[2923]: Sun Jun 14 09:58:15 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 14 09:58:15 20a9eed openvpn[2923]: Sun Jun 14 09:58:15 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.83.185:443
Jun 14 09:58:15 20a9eed openvpn[2923]: Sun Jun 14 09:58:15 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Jun 14 09:58:15 20a9eed openvpn[2923]: Sun Jun 14 09:58:15 2020 Attempting to establish TCP connection with [AF_INET]64.225.83.185:443 [nonblock]
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 TCP connection established with [AF_INET]64.225.83.185:443
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 TCP_CLIENT link local: (not bound)
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 TCP_CLIENT link remote: [AF_INET]64.225.83.185:443
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possibl>
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 Connection reset, restarting [0]
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 SIGUSR1[soft,connection-reset] received, process restarting
Jun 14 09:58:16 20a9eed openvpn[2923]: Sun Jun 14 09:58:16 2020 Restart pause, 120 second(s)
It’s probably some misconfiguration on my part. But after looking in the haproxy.cfg, I don’t know what goes wrong. I’ve also never worked with HAProxy before, so I don’t really understand the config.
I hope you guys can help me out here, so I can make the k8s a success with openBalena!
Added question
Is it possible to use S3 storage instead of the open-balena-s3 with minio configured? And if so, is it also possible to use DigitalOcean Spaces (which is compatible with S3, AFAIK)? This way, I can utilize all the nice things of openBalena and use the power of third-party services.
Got this working! Had to change the following environment variables in config/activate:
- OPENBALENA_S3_ACCESS_KEY
- OPENBALENA_S3_SECRET_KEY
- OPENBALENA_S3_ENDPOINT
- OPENBALENA_S3_BUCKETS
- OPENBALENA_REGISTRY2_S3_BUCKET
Linked this to the DigitalOcean Spaces configuration I’ve got and everything of the Registry is saved to the right space. So I don’t need the S3 Minio container anymore and all is handled by a third-party S3 solution, which is much cheaper and more convenient.
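
An added example, not part of the original posts: OpenVPN over TCP prefixes each packet with a 16-bit big-endian length, so the number in the "Bad encapsulated packet length from peer" warning in the device log above is the first two bytes of whatever the peer actually sent. Here 18516 is 0x4854, ASCII "HT", the start of an HTTP response. The function names and the signature table are illustrative, and the sample lines are abbreviated from that log.

```python
import re

# OpenVPN's TCP transport reads the first two bytes of each packet as a
# big-endian length. If the peer is not an OpenVPN server, the first two
# bytes of its reply end up in this warning as a decimal number.
BAD_LEN = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# First two bytes of common non-OpenVPN replies (illustrative table).
SIGNATURES = {
    b"HT": "HTTP response ('HTTP/1.x ...'): an HTTP proxy or ingress answered",
    b"SS": "SSH banner ('SSH-2.0-...'): an SSH daemon answered",
    b"\x15\x03": "TLS alert record: a TLS endpoint rejected the bytes",
}


def diagnose(line):
    """Return (length, first_two_bytes, verdict), or None if no warning is present."""
    m = BAD_LEN.search(line)
    if not m:
        return None
    length = int(m.group(1))
    if length > 0xFFFF:
        return (length, None, "not a 16-bit value; log line is malformed")
    prefix = length.to_bytes(2, "big")
    verdict = SIGNATURES.get(
        prefix, "unrecognised prefix; compare MTU settings on both peers"
    )
    return (length, prefix, verdict)


def diagnose_log(lines):
    """Run diagnose() over many lines and keep only the hits."""
    return [d for d in map(diagnose, lines) if d is not None]


# Sample lines abbreviated from the device log in the post.
SAMPLE = [
    "openvpn[2923]: TCP connection established with [AF_INET]64.225.83.185:443",
    "openvpn[2923]: WARNING: Bad encapsulated packet length from peer (18516), "
    "which must be > 0 and <= 1627",
]

if __name__ == "__main__":
    for length, prefix, verdict in diagnose_log(SAMPLE):
        print(f"{length} = {prefix!r}: {verdict}")
```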