HOSTEDCP-1960: Add KubeAPIExteralName api #5458

Open
wants to merge 1 commit into
base: main
30 changes: 30 additions & 0 deletions api/hypershift/v1beta1/hosted_controlplane.go
Expand Up @@ -115,6 +115,10 @@ type HostedControlPlaneSpec struct {
// +optional
KubeConfig *KubeconfigSecretRef `json:"kubeconfig,omitempty"`

// kubeAPICustomKubeconfig is a group that encompasses an additional KAS server address and the customkubeconfig generated for the kube-apiserver.
// +optional
KubeAPICustomKubeconfig *KubeAPICustomKubeconfig `json:"kubeAPICustomKubeconfig,omitempty"`

// Services defines metadata about how control plane services are published
// in the management cluster.
// +kubebuilder:validation:MaxItems=6
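
Review bot: The API shape differs between the two types: here the custom name sits inside a `kubeAPICustomKubeconfig` group, while `HostedClusterSpec` in hostedcluster_types.go exposes `kubeAPICustomName` as a flat top-level field with no `customKubeConfig` input beside it. Document how the HostedCluster value is mapped into this group, or align the two shapes. The naming also mixes casings (`KubeAPICustomKubeconfig` for the group, `CustomKubeConfig` for its member), and the doc comment's `customkubeconfig` matches neither; pick one spelling.
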
Expand Down Expand Up @@ -202,6 +206,26 @@ type HostedControlPlaneSpec struct {
Labels map[string]string `json:"labels,omitempty"`
}

// kubeAPICustomKubeconfig is a group that englobes an additional KAS server address and the customkubeconfig generated for the kube-apiserver.
// +optional
type KubeAPICustomKubeconfig struct {
// customKubeConfig specifies the name and key for the External Custom kubeconfig secret.
// When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
// This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig` (remarking that in the HC status is lowercase meanwhile this one is camelCase to keep the consistency with the rest of the spec).
// If removed during day-2 operations, all related secrets and status references will also be deleted.
// +optional
CustomKubeConfig *KubeconfigSecretRef `json:"customKubeConfig,omitempty"`

// kubeAPICustomName specifies the external name for the Kube API Server service.
// This is used to configure the Kube API Server service to use a different name, so
// the DNS should be configured to resolve the external name to the Kube API Server service.
// +kubebuilder:validation:XValidation:rule=`self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')`,message="kubeAPICustomName must be a valid URL name (e.g., api.example.com)"
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:example: "api.example.com"
// +optional
KubeAPICustomName string `json:"kubeAPICustomName,omitempty"`
}

// availabilityPolicy specifies a high level availability policy for components.
// +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica
type AvailabilityPolicy string
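
Review bot: The XValidation rule on `kubeAPICustomName` is looser than a DNS name: each label is `[a-zA-Z0-9-]+`, so values such as `-api-.example.com` or a bare `---` pass, and nothing bounds a label at 63 characters. Since the comments describe this name as an additional KAS server address that DNS must resolve, tighten the per-label pattern to the DNS-1123 form (`[a-z0-9]([-a-z0-9]*[a-z0-9])?`, widened to A-Z if uppercase must be accepted) and cap the label length. The message calls the value a "URL name" although a scheme or path would be rejected; "DNS hostname" is more accurate. Separately, the `// +optional` above the `type` declaration has no field to apply to and can be dropped, and "englobes" in the type comment should read "encompasses", as in the field comment.
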
Expand Down Expand Up @@ -300,6 +324,12 @@ type HostedControlPlaneStatus struct {
// for this control plane.
KubeConfig *KubeconfigSecretRef `json:"kubeConfig,omitempty"`

// customKubeConfig specifies the name and key for the External Custom kubeconfig secret.
// This field is optional and only allowed if kubeApiExternalName is not empty. When set, they result in the generation of a secret with the given name containing a Kubeconfig within the hostedCluster namespace and a referenced by the hostedCluster.status object.
// When removed day 2 the secret will be deleted and the kubeconfig will be removed from the hostedCluster.status object.
// +optional
CustomKubeConfig *KubeconfigSecretRef `json:"customKubeConfig,omitempty"`

// KubeadminPassword is a reference to the secret containing the initial kubeadmin password
// for the guest cluster.
// +optional
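
Review bot: The second comment line on `CustomKubeConfig` refers to `kubeApiExternalName`, a name that no field in this patch carries (the spec field is `kubeAPICustomName`), and it states the field is "only allowed if" that value is non-empty although no validation in this hunk enforces it. As this is a status field, describe what the controller reports rather than what the user may set, and fix "and a referenced by" to "and referenced by".
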
16 changes: 16 additions & 0 deletions api/hypershift/v1beta1/hostedcluster_types.go
Expand Up @@ -432,6 +432,15 @@ type HostedClusterSpec struct {
// +required
Platform PlatformSpec `json:"platform"`

// kubeApiCustomName specifies the external name for the Kube API Server service.
Contributor

s/kubeApiCustomName/kubeAPICustomName/

// This is used to configure the Kube API Server service to use a different name, so
// the DNS should be configured to resolve the external name to the Kube API Server service.
// +kubebuilder:validation:XValidation:rule=`self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')`,message="kubeApiCustomName must be a valid URL name (e.g., api.example.com)"
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:example: "api.example.com"
// +optional
KubeAPICustomName string `json:"kubeAPICustomName,omitempty"`

// controllerAvailabilityPolicy specifies the availability policy applied to critical control plane components like the Kube API Server.
// Possible values are HighlyAvailable and SingleReplica. The default value is HighlyAvailable.
// +optional
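
Review bot: Besides the doc comment already flagged, the `message=` text in the XValidation marker also spells the field `kubeApiCustomName`; that string is what a user sees when the value is rejected and it is copied into the generated CRDs, so correct it here too. The rule itself is a verbatim copy of the one in hosted_controlplane.go, so keep the two copies in step whenever the pattern changes.
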
Expand Down Expand Up @@ -1423,6 +1432,13 @@ type HostedClusterStatus struct {
// +optional
KubeConfig *corev1.LocalObjectReference `json:"kubeconfig,omitempty"`

// customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
// When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
// This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
// If removed during day-2 operations, all related secrets and status references will also be deleted.
// +optional
CustomKubeConfig *corev1.LocalObjectReference `json:"customkubeconfig,omitempty"`

// KubeadminPassword is a reference to the secret that contains the initial
// kubeadmin user password for the guest cluster.
// +optional
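
Review bot: The comment on `CustomKubeConfig` promises "the name and key" of the secret, but the field type is `corev1.LocalObjectReference`, which carries only a name (the generated schema for `customkubeconfig` lists just `name`). Either drop "and key" or use `KubeconfigSecretRef`, as `HostedControlPlaneStatus` does. The "When set, it triggers the generation of a secret" wording reads as spec behaviour; on a status field it should say that the controller populates it.
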
35 changes: 35 additions & 0 deletions api/hypershift/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default.

Expand Up @@ -2358,6 +2358,16 @@ spec:
rule: self == oldSelf
- message: issuerURL must be a valid absolute URL
rule: isURL(self)
kubeAPICustomName:
description: |-
kubeApiCustomName specifies the external name for the Kube API Server service.
This is used to configure the Kube API Server service to use a different name, so
the DNS should be configured to resolve the external name to the Kube API Server service.
maxLength: 253
type: string
x-kubernetes-validations:
- message: kubeApiCustomName must be a valid URL name (e.g., api.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
networking:
default:
clusterNetwork:
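
Review bot: The generated `kubeAPICustomName` schema has no `example` entry even though the Go field carries `+kubebuilder:example: "api.example.com"`. That marker is written with a colon and a space where the neighbouring markers use `=` (`MaxLength=253`); check whether controller-gen parses it, then regenerate. The description and message here inherit the `kubeApiCustomName` spelling from the Go comments, so fix it at the source rather than in this file.
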
Expand Down Expand Up @@ -4181,6 +4191,24 @@ spec:
- host
- port
type: object
customkubeconfig:
description: |-
customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
If removed during day-2 operations, all related secrets and status references will also be deleted.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
ignitionEndpoint:
description: |-
IgnitionEndpoint is the endpoint injected in the ign config userdata.
Expand Up @@ -2354,6 +2354,16 @@ spec:
rule: self == oldSelf
- message: issuerURL must be a valid absolute URL
rule: isURL(self)
kubeAPICustomName:
description: |-
kubeApiCustomName specifies the external name for the Kube API Server service.
This is used to configure the Kube API Server service to use a different name, so
the DNS should be configured to resolve the external name to the Kube API Server service.
maxLength: 253
type: string
x-kubernetes-validations:
- message: kubeApiCustomName must be a valid URL name (e.g., api.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
networking:
default:
clusterNetwork:
Expand Down Expand Up @@ -4452,6 +4462,24 @@ spec:
- host
- port
type: object
customkubeconfig:
description: |-
customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
If removed during day-2 operations, all related secrets and status references will also be deleted.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
ignitionEndpoint:
description: |-
IgnitionEndpoint is the endpoint injected in the ign config userdata.
Expand Up @@ -2399,6 +2399,16 @@ spec:
rule: self == oldSelf
- message: issuerURL must be a valid absolute URL
rule: isURL(self)
kubeAPICustomName:
description: |-
kubeApiCustomName specifies the external name for the Kube API Server service.
This is used to configure the Kube API Server service to use a different name, so
the DNS should be configured to resolve the external name to the Kube API Server service.
maxLength: 253
type: string
x-kubernetes-validations:
- message: kubeApiCustomName must be a valid URL name (e.g., api.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
networking:
default:
clusterNetwork:
Expand Down Expand Up @@ -4214,6 +4224,24 @@ spec:
- host
- port
type: object
customkubeconfig:
description: |-
customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
If removed during day-2 operations, all related secrets and status references will also be deleted.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
ignitionEndpoint:
description: |-
IgnitionEndpoint is the endpoint injected in the ign config userdata.
Expand Up @@ -2375,6 +2375,16 @@ spec:
rule: self == oldSelf
- message: issuerURL must be a valid absolute URL
rule: isURL(self)
kubeAPICustomName:
description: |-
kubeApiCustomName specifies the external name for the Kube API Server service.
This is used to configure the Kube API Server service to use a different name, so
the DNS should be configured to resolve the external name to the Kube API Server service.
maxLength: 253
type: string
x-kubernetes-validations:
- message: kubeApiCustomName must be a valid URL name (e.g., api.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
networking:
default:
clusterNetwork:
Expand Down Expand Up @@ -4190,6 +4200,24 @@ spec:
- host
- port
type: object
customkubeconfig:
description: |-
customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
If removed during day-2 operations, all related secrets and status references will also be deleted.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
ignitionEndpoint:
description: |-
IgnitionEndpoint is the endpoint injected in the ign config userdata.
Expand Up @@ -2596,6 +2596,16 @@ spec:
rule: self == oldSelf
- message: issuerURL must be a valid absolute URL
rule: isURL(self)
kubeAPICustomName:
description: |-
kubeApiCustomName specifies the external name for the Kube API Server service.
This is used to configure the Kube API Server service to use a different name, so
the DNS should be configured to resolve the external name to the Kube API Server service.
maxLength: 253
type: string
x-kubernetes-validations:
- message: kubeApiCustomName must be a valid URL name (e.g., api.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
networking:
default:
clusterNetwork:
Expand Down Expand Up @@ -4411,6 +4421,24 @@ spec:
- host
- port
type: object
customkubeconfig:
description: |-
customkubeconfig specifies the name and key for the External Custom kubeconfig secret.
When set, it triggers the generation of a secret with the specified name containing a kubeconfig within the `HostedCluster` namespace.
This kubeconfig will also be referenced in the `HostedCluster.status` as `customkubeconfig`.
If removed during day-2 operations, all related secrets and status references will also be deleted.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
ignitionEndpoint:
description: |-
IgnitionEndpoint is the endpoint injected in the ign config userdata.