-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crossplane provider? #5
Comments
We actually are kind of figuring out how to do cloud provisioning, actually. We were looking into something like Pulumi for the provider backend, but thank you for telling us about the existence of this! We actually have received multiple requests about this feature, and have also planned to work on this in the future. |
Great. As a first step, I will try to work on a reusable crossplane composition package that combines the chisel operator and one or two implementations of exit nodes. Maybe a composition package is all that is needed as opposed to a full blown operator. https://docs.crossplane.io/latest/concepts/compositions/ Basically the composition would combine the official cloud instance crds and a helm provider to dynamically pass the ip from the cloud instance crd to the exit node. |
We decided to handle cloud provisioning through our own mechanism within the operator. Initial support for AWS, DigitalOcean, and Linode are in the latest release of the operator. Give it a go :) |
First, thank you so much for this project. I am fully onboard with the statement and would like to help if I can. I don't know much rust though.
I am curious if you have thought about making this a crossplane provider where you could also have the crds from the cloud provider to provision the node as opposed to making a cli. I am attaching the droplet definition I used for the exit node provisioning. The CRD for the droplet has a field for the public ip to fetch for the exit node, so we can probably make a crossplane composition pacakge that uses your operator with different clouds.
P.S. I later went in and blocked outside access on port 9090. If we had this type of provisioning in the controller then it wouldn't be too hard to also implement
allowedSourceRanges
part of the load balancer spec to sync to a firewall / security groupThe text was updated successfully, but these errors were encountered: