Divert kube-api access via SSH tunnel #714

Merged
merged 1 commit into from
Oct 29, 2019

Conversation

kron4eg
Member

@kron4eg kron4eg commented Oct 24, 2019

What this PR does / why we need it:
KubeOne operator may create the kube-API load balancer as internal, only accessible from inside the VPC or internal-perimeter, so KubeOne will divert all kube-API access over an SSH tunnel from the leader node, which is guaranteed to have direct kube-api access (since the kubelet needs to communicate with it).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #659

kube-api communications are going via the SSH tunnel
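
The diversion described in this PR comes down to giving the API client a dial function that opens connections from the far end of the tunnel. The following is an added example, not KubeOne's code from this PR: the `internalAPI` address, the plain-HTTP test server standing in for the kube-API load balancer, and the closure standing in for the SSH session on the leader node are all assumptions made so it runs offline.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
)

const internalAPI = "kube-api.internal.example:6443" // hypothetical internal LB address

// DialFunc is all the client needs from the tunnel; (*ssh.Client).Dial in golang.org/x/crypto/ssh has this shape.
type DialFunc func(network, addr string) (net.Conn, error)

// NewTunneledClient returns a client that opens every connection through dial, never from the local network.
func NewTunneledClient(dial DialFunc) *http.Client {
	return &http.Client{Transport: &http.Transport{
		DialContext: func(_ context.Context, network, addr string) (net.Conn, error) {
			return dial(network, addr)
		},
	}}
}

// Demo requests url via a constructed stand-in tunnel (the closure plays the SSH session on the leader).
func Demo(url string) (string, []string, error) {
	api := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, "ok")
	}))
	defer api.Close()
	var dialed []string
	tunnel := func(network, addr string) (net.Conn, error) {
		dialed = append(dialed, addr) // the far end receives the unresolved name
		if addr != internalAPI {
			return nil, fmt.Errorf("tunnel: %s not reachable from leader", addr)
		}
		return net.Dial(network, api.Listener.Addr().String())
	}
	resp, err := NewTunneledClient(tunnel).Get(url)
	if err != nil {
		return "", dialed, err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), dialed, err
}

func main() { fmt.Println(Demo("http://" + internalAPI + "/healthz")) }
```

Because the host name is handed to the tunnel unresolved, the operator's machine needs neither a route nor DNS for the internal load balancer; with a real API server the client would still speak TLS and verify the server certificate end to end through the tunnel.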

@kubermatic-bot kubermatic-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. labels Oct 24, 2019
@kubermatic-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kron4eg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 24, 2019
@kron4eg kron4eg force-pushed the kube-api-ssh-tunnel-conn branch 2 times, most recently from c413608 to c87f5d2 Compare October 25, 2019 08:05
@xmudrii
Member

xmudrii commented Oct 25, 2019

/test pull-kubeone-test

@kron4eg kron4eg force-pushed the kube-api-ssh-tunnel-conn branch 2 times, most recently from c869e48 to 40e4e0e Compare October 28, 2019 20:31
@kron4eg
Member Author

kron4eg commented Oct 28, 2019

/retest

@kubermatic-bot kubermatic-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 28, 2019
@kron4eg
Member Author

kron4eg commented Oct 28, 2019

/retest

@kron4eg kron4eg changed the title WIP: Divert kube-api access via SSH tunnel if possible Divert kube-api access via SSH tunnel if possible Oct 28, 2019
@kubermatic-bot kubermatic-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 28, 2019
@kron4eg kron4eg changed the title Divert kube-api access via SSH tunnel if possible Divert kube-api access via SSH tunnel Oct 28, 2019
@kron4eg kron4eg requested a review from xmudrii October 28, 2019 22:03
@kron4eg
Member Author

kron4eg commented Oct 28, 2019

/retest

@kron4eg
Member Author

kron4eg commented Oct 29, 2019

/retest

@kron4eg kron4eg changed the title Divert kube-api access via SSH tunnel WIP Divert kube-api access via SSH tunnel Oct 29, 2019
@kubermatic-bot kubermatic-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 29, 2019
@kron4eg kron4eg changed the title WIP Divert kube-api access via SSH tunnel Divert kube-api access via SSH tunnel Oct 29, 2019
@kubermatic-bot kubermatic-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 29, 2019
@kron4eg kron4eg mentioned this pull request Oct 29, 2019
Member

@xmudrii xmudrii left a comment

/lgtm

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 29, 2019
@kubermatic-bot
Contributor

LGTM label has been added.

Git tree hash: b30a487a3a2c71c71bec45ee1c7ffe14e2a44711

@xmudrii
Member

xmudrii commented Oct 29, 2019

Those look like some weird flakes.
/retest

@kubermatic-bot kubermatic-bot merged commit 1a900c7 into master Oct 29, 2019
@kubermatic-bot kubermatic-bot added this to the v0.11 milestone Oct 29, 2019
@kubermatic-bot kubermatic-bot deleted the kube-api-ssh-tunnel-conn branch October 29, 2019 10:10
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Development

Successfully merging this pull request may close these issues.

Divert kubeapi access to private loadbalancer via SSH port forwarding
3 participants