Do we want to allow pods to talk to pcluster apiservers? #206
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
severity/experience-blocker
Something that considerably blocks the user experience of kcp
Is your feature request related to a problem? Please describe.
Pre-kcp, when I write a controller and deploy it as a pod (via a deployment) to my cluster, it typically talks tokubernetes.default.svc
using in-cluster config to communicate with the apiserver (e.g. to manipulate CRs).Post-kcp, when I apply a deployment to kcp, the resulting pod(s) run in a physical cluster, but we want them talking to the kcp apiserver to perform operations against CRs and whatnot. If we don't do anything, when the pod resolveskubernetes.default.svc
, it is for the physical cluster. The pod won't be able to see the CRs in the kcp apiserver because of this.The above is covered by #280
Rescoping this to ask: do we want to allow pods to talk to pcluster apiservers? If so, how?
Describe the solution you'd like
Assuming we want to, figure out how to handle pods talking to pcluster apiservers:
Pod wants to manipulate CRsNeeds DNS for kubernetes service to resolve to KCP?Needs env vars for kubernetes to resolve to KCP?Needs SA token from kcp namespace injected into pod in physical clusterThe text was updated successfully, but these errors were encountered: