Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for identity service server and updating identity service #1385

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: add support for identity service server and updating identity service #1385

wants to merge 3 commits into from
+118 −24

Conversation

afarbos
Copy link
Contributor

@afarbos afarbos commented Dec 17, 2024
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

Following #1366, the goal of this PR is to expose the server used by identity enabling easier authentication without prior cluster access or secret manipulation and update of the identity service config.

Doc: https://cloud.google.com/kubernetes-engine/docs/how-to/oidc

example:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedControlPlane
metadata:
  creationTimestamp: "2024-12-17T21:31:23Z"
  finalizers:
  - gcpmanagedcontrolplane.infrastructure.cluster.x-k8s.io
  generation: 2
  labels:
    cluster.x-k8s.io/cluster-name: foo
  name: foo
  namespace: bar
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: Cluster
    name: foo
    uid: ce97e489-f1e6-4fbb-bcb9-a34f98d1eab7
  resourceVersion: "16165"
  uid: 7ceb8c04-ab91-4b3c-967a-adf3c9e9be30
spec:
  clusterName: foo
  controlPlaneVersion: 1.30.5
  enableIdentityService: true
  endpoint:
    host: 108.59.84.44
    port: 443
  location: us-central1
  project: "123456"
status:
  conditions:
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    reason: GKEControlPlaneCreated
    severity: Info
    status: "False"
    type: GKEControlPlaneCreating
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    status: "True"
    type: GKEControlPlaneReady
  - lastTransitionTime: "2024-12-17T22:27:36Z"
    reason: GKEControlPlaneUpdated
    severity: Info
    status: "False"
    type: GKEControlPlaneUpdating
  currentVersion: 1.30.5
  identityServiceServer: https://34.134.50.254:443 # <- NEW FIELD HERE
  initialized: true
  ready: true

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

  • squashed commits
  • includes documentation
  • adds unit tests

Release note:

GKEManagedControlPlane: Add support for identity service server in status and updating identity service

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Dec 17, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: afarbos
Once this PR has been reviewed and has the lgtm label, please assign richardcase for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 17, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @afarbos. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Dec 17, 2024
@netlify Netlify
Copy link

netlify bot commented Dec 17, 2024
edited
Loading

Deploy Preview for kubernetes-sigs-cluster-api-gcp ready!

Name Link
🔨 Latest commit 60fdfc2
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-gcp/deploys/67645008b1f2e80008122791
😎 Deploy Preview https://deploy-preview-1385--kubernetes-sigs-cluster-api-gcp.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@afarbos
Copy link
Contributor Author

afarbos commented Dec 17, 2024

I ran locally: make generate, make verify and make test all pass.
I also verified everything works using tilt.

@afarbos afarbos force-pushed the af/RetrieveIDServiceServer branch from 97b4416 to 6bda6de Compare December 17, 2024 23:26
@salasberryfin
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 19, 2024
@salasberryfin
Copy link
Contributor

Thanks @afarbos. Could you please rebase your commits to squash them into logical changes? This helps maintain a clean history and simplifies reverts, if needed.

@afarbos afarbos force-pushed the af/RetrieveIDServiceServer branch from 6bda6de to 3cbacd9 Compare December 19, 2024 16:48
@afarbos
Copy link
Contributor Author

afarbos commented Dec 19, 2024

Thanks @afarbos. Could you please rebase your commits to squash them into logical changes? This helps maintain a clean history and simplifies reverts, if needed.

sounds good, done!

3 commits:

  • fix local dev
  • fix add update logic for identity server
  • feat expose identity service server

@afarbos afarbos force-pushed the af/RetrieveIDServiceServer branch from 3cbacd9 to 60fdfc2 Compare December 19, 2024 16:55
afarbos
afarbos commented Dec 20, 2024
View reviewed changes
cloud/services/container/clusters/kubeconfig.go
} else if updateErr := s.updateCAPIKubeconfigSecret(ctx, configSecret); updateErr != nil {
return fmt.Errorf("updating kubeconfig secret: %w", err)
} else if kubeConfig, err = s.updateCAPIKubeconfigSecret(ctx, configSecret); err != nil {
return nil, fmt.Errorf("updating kubeconfig secret: %w", err)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: this also fix the error it should have been updateErr, now everything is err

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dims dims Awaiting requested review from dims

@richardcase richardcase Awaiting requested review from richardcase

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@afarbos @k8s-ci-robot @salasberryfin