cluster-api-provider-gcp

feat: add support for identity service server and updating identity service

Open afarbos opened this issue 11 months ago • 13 comments

What type of PR is this?

/kind feature

What this PR does / why we need it:

Following https://github.com/kubernetes-sigs/cluster-api-provider-gcp/pull/1366, the goal of this PR is to expose the server used by the identity service, enabling easier authentication without prior cluster access or secret manipulation, and to support updating the identity service config.

Doc: https://cloud.google.com/kubernetes-engine/docs/how-to/oidc

Example:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedControlPlane
metadata:
  creationTimestamp: "2024-12-17T21:31:23Z"
  finalizers:
  - gcpmanagedcontrolplane.infrastructure.cluster.x-k8s.io
  generation: 2
  labels:
    cluster.x-k8s.io/cluster-name: foo
  name: foo
  namespace: bar
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: Cluster
    name: foo
    uid: ce97e489-f1e6-4fbb-bcb9-a34f98d1eab7
  resourceVersion: "16165"
  uid: 7ceb8c04-ab91-4b3c-967a-adf3c9e9be30
spec:
  clusterName: foo
  controlPlaneVersion: 1.30.5
  enableIdentityService: true
  endpoint:
    host: 108.59.84.44
    port: 443
  location: us-central1
  project: "123456"
status:
  conditions:
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    reason: GKEControlPlaneCreated
    severity: Info
    status: "False"
    type: GKEControlPlaneCreating
  - lastTransitionTime: "2024-12-17T22:08:04Z"
    status: "True"
    type: GKEControlPlaneReady
  - lastTransitionTime: "2024-12-17T22:27:36Z"
    reason: GKEControlPlaneUpdated
    severity: Info
    status: "False"
    type: GKEControlPlaneUpdating
  currentVersion: 1.30.5
  identityServiceServer: https://34.134.50.254:443 # <- NEW FIELD HERE
  initialized: true
  ready: true

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #

Special notes for your reviewer:

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

  • [ ] squashed commits
  • [ ] includes documentation
  • [ ] adds unit tests

Release note:

GKEManagedControlPlane: Add support for identity service server in status and updating identity service 

afarbos, Dec 17 '24 23:12