charts,salt: Allow to set Control Plane Ingress IP to an external IP #3752
Conversation
In some context the IP used to reach the Control Plane Ingress (MetalK8s UI) is not an IP available on the node, it could be a Load balancer IP or a NATed IP, so we need to be able to configure OIDC with that kind of IP That's why we now use the Control Plane Ingress IP defined in the bootstrap config and all master Control Plane node IP as `externalIPs` for the Control Plane Ingress service, so that we can reach the Control Plane Ingress with any of those IPs (but only the Control Plane Ingress Ip will be used as redirect IP for OIDC) Re-render the Control Plane Ingress DaemonSet chart salt state using: ``` ./charts/render.py ingress-nginx-control-plane --namespace metalk8s-ingress \ charts/ingress-nginx-control-plane-daemonset.yaml charts/ingress-nginx/ \ > salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart-daemonset.sls ```
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
|
/reset |
Reset completeI have successfully deleted this pull request's integration branches. |
ConflictA conflict has been raised during the creation of I have not created the integration branch. Here are the steps to resolve this conflict: $ git fetch
$ git checkout -B w/123.0/improvement/allow-expose-cp-ingress-on-external-ip origin/development/123.0
$ git merge origin/improvement/allow-expose-cp-ingress-on-external-ip
$ # <intense conflict resolution>
$ git commit
$ git push -u origin w/123.0/improvement/allow-expose-cp-ingress-on-external-ip |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
| ) | ||
|
|
||
| return [__salt__["metalk8s_network.get_control_plane_ingress_ip"]()] + sorted( | ||
| list(mine_ret.values()) |
There was a problem hiding this comment.
FYI: no need to cast this into a list, sorted can take any iterable
There was a problem hiding this comment.
Oh right, I added the sorted at the end and you cannot concat list and dict values that's why 😄
I will merge it as is to not wait another couple of builds
|
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
In some context, the IP used to reach the Control Plane Ingress (MetalK8s
UI) is not an IP available on the node, it could be a Load balancer IP
or a NATed IP, so we need to be able to configure OIDC with that kind of
IP
That's why we now use the Control Plane Ingress IP defined in the
bootstrap config and all master Control Plane node IP as
externalIPsfor the Control Plane Ingress service, so that we can reach the Control
Plane Ingress with any of those IPs (but only the Control Plane Ingress
Ip will be used as redirect IP for OIDC)