Skip to content
This repository was archived by the owner on Oct 28, 2024. It is now read-only.

✨ Enabled Aggregate API for Virtual Cluster #167

Merged
k8s-ci-robot merged 1 commit into from
Jul 14, 2021
Merged

✨ Enabled Aggregate API for Virtual Cluster #167

k8s-ci-robot merged 1 commit into from
Jul 14, 2021

Conversation

@gyliu513
Copy link
Contributor

@gyliu513 gyliu513 commented Jul 12, 2021
edited
Loading

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #166

@christopherhein @Fei-Guo

This PR only covered VirtualCluster but does not cover nested control plane, will fix nested control plane in another PR.

@wangjsty ^^

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 12, 2021
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 12, 2021
christopherhein
christopherhein suggested changes Jul 12, 2021
View reviewed changes
Copy link
Contributor

@christopherhein christopherhein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once change, otherwise this looks good, thank you for adding support for these.

...plane/nested/component-templates/nested-apiserver/nested-apiserver-statefulset-template.yaml Outdated
Comment on lines 64 to 65
- --proxy-client-key-file=/etc/kubernetes/pki/apiserver/tls.key
- --proxy-client-cert-file=/etc/kubernetes/pki/apiserver/tls.crt
Copy link
Contributor

@christopherhein christopherhein Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not suggested to use the same CA and thus Cert/Key as the APIServer check out - https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/#ca-reusage-and-conflicts for more information, we actually already create a new CA/Cert/Key for "front-proxy" which is meant to be used for this purpose - https://github.com/kubernetes-sigs/cluster-api-provider-nested/blob/main/controlplane/nested/controllers/nestedapiserver_controller.go#L228-L246 you'll need to add this to the volume mounts to add support for it.

Copy link
Contributor Author

@gyliu513 gyliu513 Jul 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@christopherhein christopherhein changed the title Enabled Aggregate API ✨ Enabled Aggregate API Jul 12, 2021
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 14, 2021
@gyliu513 gyliu513 changed the title ✨ Enabled Aggregate API ✨ Enabled Aggregate API for Virtual Cluster Jul 14, 2021
@gyliu513
Enabled Aggregate API for VirtualCluster
252897c 
This PR is mainly for virtualcluster.
@christopherhein
Copy link
Contributor

christopherhein commented Jul 14, 2021

Did you mean to remove the changes you made in controlplane/nested/component-templates/nested-apiserver/nested-apiserver-statefulset-template.yaml prior?

@gyliu513
Copy link
Contributor Author

gyliu513 commented Jul 14, 2021

Did you mean to remove the changes you made in controlplane/nested/component-templates/nested-apiserver/nested-apiserver-statefulset-template.yaml prior?

@christopherhein for now, yes, I want to use this PR for virtual cluster and then create another PR for nested control plane soon, hope it is OK.

@christopherhein
Copy link
Contributor

christopherhein commented Jul 14, 2021

Sounds good, just wanted to make sure. 👍
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 14, 2021
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jul 14, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: christopherhein, gyliu513

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit c4f9464 into kubernetes-retired:main Jul 14, 2021
@gyliu513 gyliu513 deleted the agg-api branch July 14, 2021 14:10
@jinsongo
Copy link
Contributor

jinsongo commented Jul 14, 2021
edited
Loading

@gyliu513 @christopherhein, One more comment even though the PR was merged.
I validated the PR again, looks like it's good, but please use - --requestheader-allowed-names=front-proxy-client to replace the current - --requestheader-allowed-names="". Thanks.

@christopherhein
Copy link
Contributor

christopherhein commented Jul 14, 2021

@gyliu513 @christopherhein, One more comment even through the PR was merged.
I validated the PR again, looks like it's good, but please use - --requestheader-allowed-names=front-proxy-client to replace the current - --requestheader-allowed-names="". Thanks.

Good find, @wangjsty can you make sure an issue is filled and @gyliu513 can you do this as well?

@gyliu513
Copy link
Contributor Author

gyliu513 commented Jul 15, 2021

@christopherhein Done at #179

@gyliu513 gyliu513 mentioned this pull request Jul 30, 2021
Closed
@Abirdcfly Abirdcfly mentioned this pull request Aug 19, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@charleszheng44 charleszheng44 Awaiting requested review from charleszheng44

@fabriziopandini fabriziopandini Awaiting requested review from fabriziopandini

1 more reviewer

@christopherhein christopherhein christopherhein approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@christopherhein christopherhein

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OLM need work on aggregation API but it's disabled by Virtual Cluster

4 participants

@gyliu513 @christopherhein @k8s-ci-robot @jinsongo