Add support for specifying Kube API server advertise address/port #356
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: csrwng The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/test e2e-aws
/cc @relyt0925
do we need to change these? hypershift/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go Line 68 in a86c74d
hypershift/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go Line 1684 in a86c74d
/hold
this prototype pr might help provide reference:
Why is this needed? In hypershift clusters, we run an HA proxy server on each worker. This HA proxy server listens on a local interface and sends traffic to the external control plane endpoint. To listen on the local interface, we assign a dummy address to the loopback device and make that the API server's advertise address. In some cases, it may be necessary to change what this dummy address is to not interfere with valid network address ranges in the customer's environment. This change allows specifying that through the API. The secure port at which the API server listens is also the same port at which the HA proxy must listen on worker nodes. In the case of ROKS, this has historically been different than the default (2040 instead of 6443). It may also be necessary to modify this port to not interfere with pods listening on ports that are bound to the host network on worker nodes.
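Added example, not part of this pull request or the HyperShift code base: a check for the two conflicts the description names, an advertise address that falls inside a network range already in use and a secure port already bound on the worker's host network. The function name, its parameters and the sample ranges are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Conflicts reports why a proposed API server advertise address and secure
// port would clash with a worker node's environment. The function and its
// parameters are hypothetical; they are not HyperShift API fields.
//   cidrs:     network ranges already in use (machine, pod, service networks)
//   hostPorts: ports bound on the host network by workloads on the node
func Conflicts(addr string, port int, cidrs []string, hostPorts []int) ([]string, error) {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return nil, fmt.Errorf("advertise address %q: %w", addr, err)
	}
	if port < 1 || port > 65535 {
		return nil, fmt.Errorf("port %d is outside 1-65535", port)
	}
	var found []string
	for _, c := range cidrs {
		prefix, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("network range %q: %w", c, err)
		}
		// The dummy loopback address must not shadow a range in real use.
		if prefix.Contains(ip) {
			found = append(found, fmt.Sprintf("address %s is inside %s", ip, prefix))
		}
	}
	for _, hp := range hostPorts {
		// The worker-side proxy listens on the same port as the API server.
		if hp == port {
			found = append(found, fmt.Sprintf("port %d is already bound on the host network", port))
		}
	}
	return found, nil
}

func main() {
	// Constructed sample environment, not taken from any real cluster.
	cidrs := []string{"10.0.0.0/16", "10.132.0.0/14", "172.31.0.0/16"}
	problems, err := Conflicts("172.31.0.1", 2040, cidrs, []int{2040, 9100})
	if err != nil {
		panic(err)
	}
	for _, p := range problems {
		fmt.Println("conflict:", p)
	}
}
```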
/test e2e-aws
/hold cancel
/lgtm
this is a very exciting milestone :) great work all!