(Tunneling expose strategy) API server is not reachable via endpoint slices from user cluster #11930
Labels
kind/bug
Categorizes issue or PR as related to a bug.
sig/networking
Denotes a PR or issue as being assigned to SIG Networking.
What happened?
The default API server endpoint slice, i.e. kubernetes in the default namespace, has an IP 192.168.30.10 which does not seem reachable/routable in cerebro from the user cluster. This causes the services/tools that use endpoint slices to fail when they fail to scrape the API server endpoint.
Currently the SAN has the following allowed names, which do not include the tunneling agent endpoint slice IP.
Discussion on Slack thread
Expected behavior
The endpoint slice IP should be reachable from the user cluster. The cert issued should also include the endpoint slice IP in the SAN to avoid any failure during certificate SAN verification.
How to reproduce the issue?
Try to initiate any service call to the API server endpoint using the endpoint slice IP.
How is your environment configured?
Provide your KKP manifest here (if applicable)
API server endpoint slice object, i.e. kubernetes in the default namespace
What cloud provider are you running on?
AWS
What operating system are you running in your user cluster?
Flatcar Linux
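The SAN verification failure described in this issue can be shown offline with Go's `crypto/x509`. This is an added example, not code from KKP or from the reporter; the DNS names and the 10.240.16.1 address are constructed SANs, and only 192.168.30.10 is taken from the issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueServingCert builds a throwaway self-signed serving certificate
// carrying the given DNS and IP SANs (stand-in for the API server cert).
func issueServingCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "kube-apiserver"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sanCovers reports whether a TLS client dialing host (DNS name or IP
// literal) would pass the SAN check against cert.
func sanCovers(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	endpointIP := "192.168.30.10"                           // from the issue
	dns := []string{"kubernetes", "kubernetes.default.svc"} // constructed SANs
	clusterIP := net.ParseIP("10.240.16.1")                 // constructed SAN
	before, _ := issueServingCert(dns, []net.IP{clusterIP})
	after, _ := issueServingCert(dns, []net.IP{clusterIP, net.ParseIP(endpointIP)})
	fmt.Println("without endpoint IP in SAN:", sanCovers(before, endpointIP))
	fmt.Println("with endpoint IP in SAN:   ", sanCovers(after, endpointIP))
}
```

A client that dials an IP literal is matched only against the certificate's IP SANs, so the first certificate fails for 192.168.30.10 even though its DNS names still verify.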