HOSTEDCP-1960: Add KubeAPIExteralName api

[jparrill]

This new API autogenerate a new kubeconfig based on a desired url and managed by HCP.

What this PR does / why we need it:
The current implementation of HCP to define the KAS address is using the ServicePublishingType, where you can define a hostname and that, will customize the API and API-INT interfaces where all the kubeconfigs (excepts the ones pointing to local) are pointing to. This makes the customization rigid and customers are asking for more flexibility.

This PR adds a new API which creates a new Kubeconfig (certificate based) pointing to the desired address. With this new API you can:

• Modify the address day-1 and day-2 without affectation of the DataPlane (No rollout expected)
• Generation of a new Kubeconfig based on certificates (managed by HCP)
• The HC and HCP are in sync about this new Kubeconfig and reported in the status as customKubeconfig
• The target of this new API are the scenarios of Public and PublicAndPrivate

⚠️ IMPORTANT! The external DNSs URL where you plan to point to and you will specify it in this new API, should be properly configured in order to makes this work.

Which issue(s) this PR fixes:

• Fixes #HOSTEDCP-1960

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

[openshift-ci-robot]

@jparrill: This pull request references HOSTEDCP-1960 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This new API changes the value of the Kubeconfig External URL to points to your desired one

What this PR does / why we need it:
HostedControlPlanes does not follows the separation of API and API-INT as OCP Standalone does. This PR includes a new API called KubeAPIExteralName which takes the desired name for the external KubeAPI Server name.

To have in mind:

• This can be changed day-0 or day-2
• This will not cause a nodepool rollout
• This will generate a new Kubeconfig called apiext-admin-kubeconfig
• This Kubeconfig should be bubbled up into HC namespace too

Which issue(s) this PR fixes:

• Fixes #HOSTEDCP-1960

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jparrill

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jparrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@jparrill: This pull request references HOSTEDCP-1960 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This new API changes the value of the Kubeconfig External URL to points to your desired one

What this PR does / why we need it:
HostedControlPlanes does not follows the separation of API and API-INT as OCP Standalone does. This PR includes a new API called KubeAPIExteralName which takes the desired name for the external KubeAPI Server name.

To have in mind:

• This can be changed day-0 or day-2
• This will not cause a nodepool rollout
• This will generate a new Kubeconfig called apiext-admin-kubeconfig
• This Kubeconfig is bubbled up into HC namespace too

Which issue(s) this PR fixes:

• Fixes #HOSTEDCP-1960

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jparrill: This pull request references HOSTEDCP-1960 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This new API changes the value of the Kubeconfig External URL to points to your desired one

What this PR does / why we need it:
HostedControlPlanes does not follows the separation of API and API-INT as OCP Standalone does. This PR includes a new API called KubeAPIExteralName which takes the desired name for the external KubeAPI Server name.

To have in mind:

• This can be changed day-1 or day-2
• This will not cause a nodepool rollout
• This will generate a new Kubeconfig called apiext-admin-kubeconfig
• This Kubeconfig is bubbled up into HC namespace too

Which issue(s) this PR fixes:

• Fixes #HOSTEDCP-1960

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[enxebre]

HostedControlPlanes does not follows the separation of API and API-INT

Can we elaborate on this? Which topologies is this use case targeting: privateAndPublic, private, public?
For privateAndPublic we do have decouple internal and external urls routing to kas, so what's this solving?
Seems the PR is effectively implementing a kubeconfig autogeneration using a passed through URL, let's make sure that's clearly stated in the PR desc and API docs, also let's clarify how this is planned to be consumed and that consumption solves the driving rfe.

[openshift-ci-robot]

@jparrill: This pull request references HOSTEDCP-1960 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This new API autogenerate a new kubeconfig based on a desired url and managed by HCP.

What this PR does / why we need it:
The current implementation of HCP to define the KAS address is using the ServicePublishingType, where you can define a hostname and that, will customize the API and API-INT interfaces where all the kubeconfigs (excepts the ones pointing to local) are pointing to. This makes the customization rigid and customers are asking for more flexibility.

This PR adds a new API which creates a new Kubeconfig (certificate based) pointing to the desired address. With this new API you can:

• Modify the address day-1 and day-2 without affectation of the DataPlane (No rollout expected)
• Generation of a new Kubeconfig based on certificates (managed by HCP)
• The HC and HCP are in sync about this new Kubeconfig and reported in the status as customKubeconfig
• The target of this new API are the scenarios of Public and PublicAndPrivate

⚠️ IMPORTANT! The external DNSs URL where you plan to point to and you will specify it in this new API, should be properly configured in order to makes this work.

Which issue(s) this PR fixes:

• Fixes #HOSTEDCP-1960

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[csrwng]

Some nits in the API. In general, please use consistent case for "kubeconfig" wherever it appears in the API.

[csrwng]

s/kubeApiCustomName/kubeAPICustomName

[csrwng]

fix

[csrwng]

fix

[csrwng]

s/kubeApiCustomName/kubeAPICustomName/

[csrwng]

fix

[openshift-ci]

@jparrill: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	22b1bdb	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-aks	22b1bdb	link	true	/test e2e-aks
ci/prow/e2e-aws-upgrade-hypershift-operator	22b1bdb	link	true	/test e2e-aws-upgrade-hypershift-operator
ci/prow/e2e-aws	22b1bdb	link	true	/test e2e-aws

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[muraee]

I assume you want hcp.Spec.KubeAPICustomKubeconfig != nil here, right?

[muraee]

please move this function to kubeconfig.go file

[muraee]

I don't think any other component will use this predicate other than kas.
let's move it to the kas package where its used.
See this as an example https://github.com/muraee/hypershift/blob/karpenter-userdata/control-plane-operator/controllers/hostedcontrolplane/v2/cno/component.go#L47