This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

kubefedcluster use cadata in kubeconfig file #1361

Merged


huiwq1990
Contributor

What this PR does / why we need it:

Kubefedcluster's cadata is built from the member cluster's serviceaccount; it works well when kubefed directly connects to the member cluster. In my case, kubefed connects to a proxyserver (it proxies all apiserver traffic), and the proxyserver has an independent cabundle.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 22, 2021
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 22, 2021
@huiwq1990 huiwq1990 closed this Feb 22, 2021
@huiwq1990 huiwq1990 reopened this Feb 22, 2021
@RainbowMango
Contributor

It's an interesting use case.

@huiwq1990 I guess you are joining the cluster with a kubeconfig file which contains the proxyserver's CA. The joining process is perfectly fine, but the following request to a member cluster will be disallowed as proxyserver failed to verify the certificate. Is that true?

@huiwq1990
Contributor Author

@RainbowMango Yes, kubefedcluster only uses kubeconfig's apiserver endpoint; it should use kubeconfig's cabundle too.

@irfanurrehman
Contributor

Looks legit to me. LGTM. @RainbowMango is this change all right with you?

Contributor

@makkes makkes left a comment


This needs to be documented somewhere. I would suggest this page is the right place for it.

@huiwq1990
Contributor Author

@makkes @irfanurrehman I wrote a note specifying the change.

@RainbowMango
Contributor

@irfanurrehman Yeah, I think the feature is reasonable. If there is CA data present in KUBECONFIG file, it is the preferred choice.
Thanks @huiwq1990
/retest
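
The trust decision from the PR description and the comment above, as an added Go example (not code from this PR or from KubeFed): a client that trusts only the member cluster's service account CA rejects the certificate served by a proxy with its own CA, while preferring the kubeconfig's CA data accepts it. The names `issue`, `pickCABundle` and `trusts`, the certificate names, and the certificates themselves are assumptions constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate (nil parent: self-signed CA) and returns it with its key and PEM.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk) // fixed inputs; errors not expected
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// pickCABundle (hypothetical helper) prefers CA data from the kubeconfig, else the service account CA.
func pickCABundle(kubeconfigCA, serviceAccountCA []byte) []byte {
	if len(kubeconfigCA) > 0 {
		return kubeconfigCA
	}
	return serviceAccountCA
}

// trusts reports whether server chains to the PEM bundle, the check a TLS client makes on connect.
func trusts(caBundle []byte, server *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caBundle)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	_, _, saCA := issue("member-cluster-ca", nil, nil)             // CA from the service account secret
	proxyCA, proxyKey, kubeconfigCA := issue("proxy-ca", nil, nil) // CA carried in the kubeconfig
	proxyCert, _, _ := issue("proxy.example.test", proxyCA, proxyKey)
	fmt.Println("service account CA only:", trusts(saCA, proxyCert))
	fmt.Println("kubeconfig CA preferred:", trusts(pickCABundle(kubeconfigCA, saCA), proxyCert))
}
```

When the kubeconfig carries no CA data, `pickCABundle` falls back to the service account CA, which is the directly connected case the PR description says already works.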

@hectorj2f
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 2, 2021
@hectorj2f
Contributor

@makkes could you have a look again? It looks good to me.

Contributor

@hectorj2f hectorj2f left a comment


/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hectorj2f, huiwq1990

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 4, 2021
@k8s-ci-robot k8s-ci-robot merged commit 408a314 into kubernetes-retired:master Mar 4, 2021
@huiwq1990 huiwq1990 deleted the fix-joinClusterCABundle branch March 5, 2021 04:14