server: revert non-standalone VW URL

Partially reverts logic introduced in kcp-dev#2407 so we don't unconditionally use the external URL - when non-standalone VW mode is used we still need the old behavior, or the loopback client can't access the VW server. This breaks shard bootstrapping (evidently not in our e2e scenarios, but in a real deployment where probes mean the proxy isn't ready until the shard bootstrap is complete)
hardys · Jan 24, 2023 · a849cc8 · a849cc8
1 parent 7b3126c
commit a849cc8
Showing 1 changed file with 21 additions and 17 deletions.
diff --git a/pkg/server/controllers.go b/pkg/server/controllers.go
@@ -812,26 +812,30 @@ func (s *Server) installAPIBinderController(ctx context.Context, config *rest.Co
 	config = rest.CopyConfig(config)
 	config = rest.AddUserAgent(config, initialization.ControllerName)
 
-	vwURL := fmt.Sprintf("https://%s", s.GenericConfig.ExternalAddress)
-	if !s.Options.Virtual.Enabled && s.Options.Extra.ShardVirtualWorkspaceURL != "" {
-		if s.Options.Extra.ShardVirtualWorkspaceCAFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardVirtualWorkspaceCAFile is required")
-		}
-		if s.Options.Extra.ShardClientCertFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardClientCertFile is required")
-		}
-		if s.Options.Extra.ShardClientKeyFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardClientKeyFile is required")
+	if s.Options.Virtual.Enabled {
+		config.Host += initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer)
+	} else {
+		vwURL := fmt.Sprintf("https://%s", s.GenericConfig.ExternalAddress)
+		if s.Options.Extra.ShardVirtualWorkspaceURL != "" {
+			if s.Options.Extra.ShardVirtualWorkspaceCAFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardVirtualWorkspaceCAFile is required")
+			}
+			if s.Options.Extra.ShardClientCertFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardClientCertFile is required")
+			}
+			if s.Options.Extra.ShardClientKeyFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardClientKeyFile is required")
+			}
+			config.TLSClientConfig.CAFile = s.Options.Extra.ShardVirtualWorkspaceCAFile
+			config.TLSClientConfig.CertFile = s.Options.Extra.ShardClientCertFile
+			config.TLSClientConfig.KeyFile = s.Options.Extra.ShardClientKeyFile
 		}
-		config.TLSClientConfig.CAFile = s.Options.Extra.ShardVirtualWorkspaceCAFile
-		config.TLSClientConfig.CertFile = s.Options.Extra.ShardClientCertFile
-		config.TLSClientConfig.KeyFile = s.Options.Extra.ShardClientKeyFile
+		config.Host = fmt.Sprintf("%v%v", vwURL, initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer))
 	}
 
-	config.Host = fmt.Sprintf("%v%v", vwURL, initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer))
 	initializingWorkspacesKcpClusterClient, err := kcpclientset.NewForConfig(config)
 	if err != nil {
 		return err