
Commit e6c8b02

committed
fix: stabilize v3 live release smokes
1 parent 13e84db commit e6c8b02

3 files changed

Lines changed: 56 additions & 8 deletions


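--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,6 +63,8 @@ This is the v3 major-release line. Before upgrading from any `v2.x` release:
 
 ### 🐛 Bug Fixes
 
+- **External Manifest Fetch Resilience** - Added retry blocks to GitHub and public-IP HTTP data sources so transient TLS handshake timeouts do not fail plans, applies, or destroys.
+- **Autoscaler CA Root Loading** - Removed the `/etc/ssl/certs` hostPath mount from Cluster Autoscaler so RKE2/Leap Micro clusters use the image's bundled CA roots instead of hitting host certificate directory permission failures.
 - **Terraform 1.15 Validation Compatibility** - Moved cross-variable and local-dependent module contract checks from input-variable validation blocks into a hard `terraform_data.validation_contract` precondition surface, preserving plan-time failures while allowing Terraform 1.15.0 to initialize and validate the module.
 - **Tailscale Volume Provisioning Ordering** - Agent Longhorn and attached-volume configuration now waits for Tailscale agent bootstrap before using Tailnet MagicDNS SSH targets.
 - **Tailscale Auth-Key Ergonomics** - `auth_key` mode no longer advertises kube-hetzner tags by default, so simple pre-auth keys work without Tailnet `tagOwners`; tagged nodes remain an explicit opt-in and OAuth mode now validates that tag-scoped auth is configured.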

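--- a/data.tf
+++ b/data.tf
@@ -5,6 +5,12 @@ data "http" "hetzner_ccm_release" {
 request_headers = {
 Accept = "application/vnd.github+json"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "hetzner_csi_release" {
@@ -14,6 +20,12 @@ data "http" "hetzner_csi_release" {
 request_headers = {
 Accept = "application/vnd.github+json"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "kured_release" {
@@ -23,6 +35,12 @@ data "http" "kured_release" {
 request_headers = {
 Accept = "application/vnd.github+json"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "kured_manifest" {
@@ -31,6 +49,12 @@ data "http" "kured_manifest" {
 request_headers = {
 Accept = "text/plain"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "system_upgrade_controller_manifest" {
@@ -39,6 +63,12 @@ data "http" "system_upgrade_controller_manifest" {
 request_headers = {
 Accept = "text/plain"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "system_upgrade_controller_crd" {
@@ -47,6 +77,12 @@ data "http" "system_upgrade_controller_crd" {
 request_headers = {
 Accept = "text/plain"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "gateway_api_standard_crds" {
@@ -57,6 +93,12 @@ data "http" "gateway_api_standard_crds" {
 request_headers = {
 Accept = "text/plain"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "http" "calico_release" {
@@ -66,6 +108,12 @@ data "http" "calico_release" {
 request_headers = {
 Accept = "application/vnd.github+json"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "hcloud_ssh_keys" "keys_by_selector" {
@@ -81,6 +129,12 @@ data "http" "my_ipv4" {
 request_headers = {
 Accept = "text/plain"
 }
+
+retry {
+attempts = 4
+min_delay_ms = 1000
+max_delay_ms = 10000
+}
 }
 
 data "hcloud_servers" "existing_control_plane_nodes" {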
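Review bot: The `retry` blocks added to these `data "http"` sources re-issue a request only on a client error or a 5xx response, so a 4xx reply such as a GitHub API rate-limit body would still be returned as data and could flow into release parsing or manifest application. Nothing in the visible lines checks `status_code`, but every block starts above its hunk, so a check may already exist there. If it does not, a `lifecycle` postcondition on `self.status_code` in each of the nine blocks would turn a bad response into a plan failure, as sketched below for `kured_manifest`. Note also that `attempts = 4` counts retries in the hashicorp/http provider, so each source may send up to five requests.

```hcl
data "http" "kured_manifest" {
  # … unchanged: url, request_headers, retry …

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Unexpected HTTP status ${self.status_code} fetching ${self.url}"
    }
  }
}
```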

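--- a/templates/autoscaler.yaml.tpl
+++ b/templates/autoscaler.yaml.tpl
@@ -228,12 +228,4 @@ ${indent(8, yamlencode(cluster_autoscaler_tolerations))}
 - name: HCLOUD_SERVER_CREATION_TIMEOUT
 value: '${cluster_autoscaler_server_creation_timeout}'
 %{~ endif ~}
-volumeMounts:
-- name: ssl-certs
-mountPath: /etc/ssl/certs
-readOnly: true
 imagePullPolicy: "Always"
-volumes:
-- name: ssl-certs
-hostPath:
-path: "/etc/ssl/certs" # right place on MicroOS?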
