server: revert non-standalone VW URL

Partially reverts logic introduced in kcp-dev#2407 so we don't unconditionally use the external URL - when non-standalone VW mode is used we still need the old behavior, or the loopback client can't access the VW server. This breaks shard bootstrapping (evidently not in our e2e scenarios, but in a real deployment where probes mean the proxy isn't ready until the shard bootstrap is complete)
hardys · Jan 23, 2023 · bcdea2a · bcdea2a
1 parent 7b3126c
commit bcdea2a
Showing 1 changed file with 21 additions and 18 deletions.
diff --git a/pkg/server/controllers.go b/pkg/server/controllers.go
@@ -811,27 +811,30 @@ func (s *Server) installAPIBinderController(ctx context.Context, config *rest.Co
 	// Client used to create APIBindings within the initializing workspace
 	config = rest.CopyConfig(config)
 	config = rest.AddUserAgent(config, initialization.ControllerName)
-
-	vwURL := fmt.Sprintf("https://%s", s.GenericConfig.ExternalAddress)
-	if !s.Options.Virtual.Enabled && s.Options.Extra.ShardVirtualWorkspaceURL != "" {
-		if s.Options.Extra.ShardVirtualWorkspaceCAFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardVirtualWorkspaceCAFile is required")
-		}
-		if s.Options.Extra.ShardClientCertFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardClientCertFile is required")
-		}
-		if s.Options.Extra.ShardClientKeyFile == "" {
-			// TODO move verification up
-			return fmt.Errorf("s.Options.Extra.ShardClientKeyFile is required")
+	config.Host += initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer)
+
+	if s.Options.Extra.ShardVirtualWorkspaceURL != "" {
+		vwURL := s.Options.Extra.ShardVirtualWorkspaceURL
+		if !s.Options.Virtual.Enabled {
+			if s.Options.Extra.ShardVirtualWorkspaceCAFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardVirtualWorkspaceCAFile is required")
+			}
+			if s.Options.Extra.ShardClientCertFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardClientCertFile is required")
+			}
+			if s.Options.Extra.ShardClientKeyFile == "" {
+				// TODO move verification up
+				return fmt.Errorf("s.Options.Extra.ShardClientKeyFile is required")
+			}
+			config.TLSClientConfig.CAFile = s.Options.Extra.ShardVirtualWorkspaceCAFile
+			config.TLSClientConfig.CertFile = s.Options.Extra.ShardClientCertFile
+			config.TLSClientConfig.KeyFile = s.Options.Extra.ShardClientKeyFile
 		}
-		config.TLSClientConfig.CAFile = s.Options.Extra.ShardVirtualWorkspaceCAFile
-		config.TLSClientConfig.CertFile = s.Options.Extra.ShardClientCertFile
-		config.TLSClientConfig.KeyFile = s.Options.Extra.ShardClientKeyFile
+		config.Host = fmt.Sprintf("%v%v", vwURL, initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer))
 	}
 
-	config.Host = fmt.Sprintf("%v%v", vwURL, initializingworkspacesbuilder.URLFor(tenancyv1alpha1.WorkspaceAPIBindingsInitializer))
 	initializingWorkspacesKcpClusterClient, err := kcpclientset.NewForConfig(config)
 	if err != nil {
 		return err