Do we want to allow pods to talk to pcluster apiservers? #206
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
severity/experience-blocker
Something that considerably blocks the user experience of kcp
Comments
ncdc
added
the
severity/experience-blocker
ncdc
changed the title
|
Rescoping to just case 2 - "pod wants to talk to physical cluster apiserver" as case 1 is handled by #280 |
|
I don't see how this is a valid use-case. Why would one want to talk to a pcluster, and why isn't that something outside of the standard TMC flow? |
|
Agreed, closing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Pre-kcp, when I write a controller and deploy it as a pod (via a deployment) to my cluster, it typically talks tokubernetes.default.svcusing in-cluster config to communicate with the apiserver (e.g. to manipulate CRs).Post-kcp, when I apply a deployment to kcp, the resulting pod(s) run in a physical cluster, but we want them talking to the kcp apiserver to perform operations against CRs and whatnot. If we don't do anything, when the pod resolveskubernetes.default.svc, it is for the physical cluster. The pod won't be able to see the CRs in the kcp apiserver because of this.The above is covered by #280
Rescoping this to ask: do we want to allow pods to talk to pcluster apiservers? If so, how?
Describe the solution you'd like
Assuming we want to, figure out how to handle pods talking to pcluster apiservers:
Pod wants to manipulate CRsNeeds DNS for kubernetes service to resolve to KCP?Needs env vars for kubernetes to resolve to KCP?Needs SA token from kcp namespace injected into pod in physical clusterThe text was updated successfully, but these errors were encountered: