Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

📖 Exposing the control plane endpoint #1757

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

📖 Exposing the control plane endpoint #1757

wants to merge 1 commit into from

Conversation

mdbooth
Copy link
Contributor

@mdbooth mdbooth commented Nov 24, 2023

Adds a new docs section on exposing the control plane endpoint. Covers some of the same ground as the configuration doc, but from a higher level.

@netlify Netlify
Copy link

netlify bot commented Nov 24, 2023
edited

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit 923a3e2
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/6560fe2e1d9b2b000854c876
😎 Deploy Preview https://deploy-preview-1757--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 24, 2023
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 24, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mdbooth, mnaser

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

jichenjc
jichenjc reviewed Nov 27, 2023
View reviewed changes
docs/book/src/topics/control-plane-endpoint.md

### Bugs

While Cluster API specifies that `controlPlaneEndpoint.host` may be either a hostname or an IP address, there are still several uses of it in CAPO which assume it is an IP address and will break if it is not.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@EmilienM maybe you can check this and update it after your RP merge :)

docs/book/src/topics/control-plane-endpoint.md
The control plane endpoint can be provided by a floating IP connected directly to one of the control plane machines.

```mermaid
flowchart TD
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't remember clearly but I only tried with 1 control plane and 1 FIP
not sure how we can set 3 control plan + 1 FIP ? and maybe we don't need talk in our doc about not recommended settings, instead, talking about 1 control plane + 1 FIP as if there is no Octavia support?

lentzi90
lentzi90 reviewed Nov 27, 2023
View reviewed changes
Copy link
Contributor

@lentzi90 lentzi90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love it!

docs/book/src/topics/index.md
Comment on lines +11 to +15
- [Exposing the control plane endpoint](control-plane-endpoint.md)
- [CRD changes](crd-changes/index.md)
- [External cloud provider](external-cloud-provider.md)
- [Mover](mover.md)
- [Troubleshooting](troubleshooting.md)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep this in sync with the summary (side bar). Alternatively have the sub-sections in only one place. For the other pages it seems like we don't have the sub-sections in the summary, so perhaps that would make sense here too. I don't have a strong opinion on which way we do it though 🙂

For some reason the link does not work for the control plane endpoint in the rendered page. Not sure why.

EmilienM
EmilienM reviewed Nov 29, 2023
View reviewed changes
docs/book/src/topics/control-plane-endpoint.md

### Exposing additional control plane services running on other ports

If the control plane machines are hosting services other than the kubernetes API server, these may also be exposed via the API server loadbalancer by specifying their ports in `apiServerLoadBalancer.additionalPorts`. If using managed security groups, these ports will be automatically added to the control plane security group.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with hardcoded proto tcp/udp

@EmilienM
Copy link
Contributor

really nice work

MaysaMacedo
MaysaMacedo reviewed Dec 30, 2023
View reviewed changes
Copy link
Contributor

@MaysaMacedo MaysaMacedo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great docs!

docs/book/src/topics/control-plane-endpoint.md

### Restricting access to the loadbalancer endpoint

It is possible to restrict access to the control plane endpoint to certain source address ranges by specifying them in `apiServerLoadBalancer.allowedCIDRs`. When setting this list, the following additional CIDRs will be automatically added to the allowed list:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth to redirect user to the configuration section of this field for further information:
https://cluster-api-openstack.sigs.k8s.io/clusteropenstack/configuration#restrict-access-to-the-api-server

docs/book/src/topics/control-plane-endpoint.md
- [Specifying an alternate primary API server port](#specifying-an-alternate-primary-api-server-port)
- [Alternate Octavia provider (e.g. OVN)](#alternate-octavia-provider-eg-ovn)
- [Bugs](#bugs)
- [Floating IP](#floating-ip)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should Floating IP and No loadbalancer sections have the same indentation of the Octavia section?

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 29, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 28, 2024
@EmilienM
Copy link
Contributor

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Apr 29, 2024
@mdbooth mdbooth mentioned this pull request May 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EmilienM EmilienM EmilienM left review comments

@MaysaMacedo MaysaMacedo MaysaMacedo left review comments

@lentzi90 lentzi90 lentzi90 left review comments

@jichenjc jichenjc jichenjc left review comments

@mnaser mnaser mnaser approved these changes

@dulek dulek Awaiting requested review from dulek

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@mdbooth @k8s-ci-robot @EmilienM @k8s-triage-robot @mnaser @MaysaMacedo @lentzi90 @jichenjc