Skip to content

Add BaseURL & issuer overrides, CABundle #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add BaseURL & issuer overrides, CABundle #101

wants to merge 2 commits into from

Conversation

mjudeikis
Copy link
Contributor

@mjudeikis mjudeikis commented Oct 1, 2025
edited
Loading

Summary

Enables configuring the ShardBaseURL from api so that one can expose shards to be publicly accessible.
Enables providing different issuers for shards and frontproxy server certificates.
Fixes frontproxy kubeconfig trusted certificate value.

What Type of PR Is This?

/kind feature

Related Issue(s)

Fixes #

Release Notes

Add spec.shardBaseURL to enable configuring the shard base URL
Add spec.certificateTemplate.issuerRef to be able to fully change the issuer used when overriding certificate generation
Add spec.caBundleSecretRef to be used when additional trust needs to be injected into specific kubeconfigs (external kubeconfigs only). Configurable per shard/front-proxy
Change the behaviour of how certificateTemplate.dnsNames behaves. It will not merge DNSNames anymore if custom issuer is provided

@kcp-ci-bot kcp-ci-bot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Oct 1, 2025
@kcp-ci-bot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@kcp-ci-bot kcp-ci-bot added kind/feature Categorizes issue or PR as related to a new feature. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates the PR's author has signed the DCO. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 1, 2025
@mjudeikis mjudeikis marked this pull request as ready for review October 1, 2025 12:30
@kcp-ci-bot kcp-ci-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 1, 2025
@mjudeikis mjudeikis marked this pull request as draft October 1, 2025 12:48
@kcp-ci-bot kcp-ci-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 1, 2025
@mjudeikis mjudeikis changed the title Expose ShardBaseURL via API Production readiness pr Oct 3, 2025
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch from 3c26218 to 750d908 Compare October 3, 2025 12:17
@mjudeikis mjudeikis changed the title Production readiness pr Add BaseURL & issuer overrides Oct 3, 2025
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch 2 times, most recently from 36f9924 to f9a021b Compare October 6, 2025 07:23
@mjudeikis mjudeikis marked this pull request as ready for review October 6, 2025 07:25
@kcp-ci-bot kcp-ci-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 6, 2025
@mjudeikis mjudeikis mentioned this pull request Oct 6, 2025
Open
1 task
embik
embik requested changes Oct 6, 2025
View reviewed changes
@kcp-ci-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from embik. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

embik
embik requested changes Oct 6, 2025
View reviewed changes
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch from 53656a7 to 0c8544f Compare October 6, 2025 09:36
@mjudeikis
Copy link
Contributor Author

/retest

embik
embik reviewed Oct 6, 2025
View reviewed changes
@mjudeikis
Copy link
Contributor Author

/retest

mjudeikis
mjudeikis commented Oct 7, 2025
View reviewed changes
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch from cc53069 to bedde42 Compare October 7, 2025 10:31
embik
embik reviewed Oct 7, 2025
View reviewed changes
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch 2 times, most recently from 49eff75 to 8b94fba Compare October 7, 2025 12:13
@mjudeikis mjudeikis changed the title Add BaseURL & issuer overrides Add BaseURL & issuer overrides, CABundle Oct 9, 2025
@embik
Copy link
Member

embik commented Oct 9, 2025

/retest

3 similar comments
@mjudeikis
Copy link
Contributor Author

/retest

@mjudeikis
Copy link
Contributor Author

/retest

@mjudeikis
Copy link
Contributor Author

/retest

@mjudeikis
Copy link
Contributor Author

This looks strange flakes. Like kind cluster is struggling to delete namespaces.
/retest

@kcp-ci-bot
Copy link
Contributor

@mjudeikis: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kcp-operator-test-e2e-canary 8856016 link false /test pull-kcp-operator-test-e2e-canary

Full PR test history

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@mjudeikis
remove … in favor of ...
cd70e3e 
Signed-off-by: Mangirdas Judeikis <[email protected]>
On-behalf-of: SAP <[email protected]>
@mjudeikis mjudeikis force-pushed the mjudeikis/update.external.shard.base.url branch from 8856016 to cd70e3e Compare October 9, 2025 13:28
@kcp-ci-bot kcp-ci-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Oct 9, 2025
@mjudeikis mjudeikis marked this pull request as draft October 9, 2025 13:38
@kcp-ci-bot kcp-ci-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2025
@mjudeikis
Copy link
Contributor Author

This outgrew. Gonna start splitting

@kcp-ci-bot kcp-ci-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 9, 2025
@kcp-ci-bot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@embik embik embik requested changes

Assignees

@embik embik

Labels
dco-signoff: yes Indicates the PR's author has signed the DCO. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mjudeikis @kcp-ci-bot @embik