You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
kamaji by default sets spec.networkProfile.port in server endpoint of "my-cluster-control-plane-admin-kubeconfig" Secret, but when using ingress you may need to customize the port in that Secret.
Specifying port in spec.controlPlane.ingress.hostname as my.domain.cloud:443 results in a broken ingress spec:
2023-08-04T10:19:47Z ERROR handling of resource failed {"controller": "tenantcontrolplane", "controllerGroup": "kamaji.clastix.io", "controllerKind": "TenantControlPlane", "TenantControlPlane": {"name":"my-cluster-control-plane","namespace":"capi-tenants"}, "namespace": "capi-tenants", "name": "my-cluster-control-plane", "reconcileID": "391fa624-5bb4-4d59-ac3b-80781104ee0d", "resource": "ingress", "error": "Ingress.extensions \"my-cluster-control-plane\" is invalid: spec.rules[0].host: Invalid value: \"my-cluster.my.domain.cloud:443\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}
github.com/clastix/kamaji/controllers.(*TenantControlPlaneReconciler).Reconcile
/workspace/controllers/tenantcontrolplane_controller.go:182
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:122
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:323
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:235
2023-08-04T10:19:47Z ERROR Reconciler error {"controller": "tenantcontrolplane", "controllerGroup": "kamaji.clastix.io", "controllerKind": "TenantControlPlane", "TenantControlPlane": {"name":"my-cluster-control-plane","namespace":"capi-tenants"}, "namespace": "capi-tenants", "name": "my-cluster-control-plane", "reconcileID": "391fa624-5bb4-4d59-ac3b-80781104ee0d", "error": "Ingress.extensions \"my-cluster-control-plane\" is invalid: spec.rules[0].host: Invalid value: \"my-cluster.my.domain.cloud:443\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:235
A possible solution would be to parse spec.controlPlane.ingress.hostname to strip the port thus creating a valid ingress resource, and then only use this port to generate the "my-cluster-control-plane-admin-kubeconfig" Secret .
The text was updated successfully, but these errors were encountered:
Kamaji has been always designed to avoid port translation, also from the Service standpoint.
We already have a sort of heritage that we have to keep. I would suggest addressing this in this way:
if the port is unspecified in the Ingress hostname, the NetworkProfile one will be used.
if a port is specified in the Ingress Hostname, it will be stripped from the FQDN to let create the Ingress object, and the provided port will be injected in the admin Kubeconfig since it will reached by users on that specific endpoint
kamaji by default sets
spec.networkProfile.port
inserver
endpoint of "my-cluster-control-plane-admin-kubeconfig"Secret
, but when usingingress
you may need to customize the port in thatSecret
.Specifying port in
spec.controlPlane.ingress.hostname
asmy.domain.cloud:443
results in a brokeningress
spec:A possible solution would be to parse
spec.controlPlane.ingress.hostname
to strip the port thus creating a validingress
resource, and then only use this port to generate the "my-cluster-control-plane-admin-kubeconfig"Secret
.The text was updated successfully, but these errors were encountered: