Add service-proxy feature for accessing managed cluster services from hub #462
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jian Qiu <[email protected]>
…xy Helm chart. (stolostron#225) Signed-off-by: xuezhaojun <[email protected]>
…les to reflect the new version. Adjust formatting for consistency in YAML files. (stolostron#226) (stolostron#227) Signed-off-by: xuezhaojun <[email protected]>
…g golang.org/x/crypto v0.36.0, golang.org/x/oauth2 v0.28.0, golang.org/x/sys v0.31.0, golang.org/x/term v0.30.0, and golang.org/x/text v0.23.0. This ensures compatibility and security improvements across the project. (stolostron#230) Signed-off-by: xuezhaojun <[email protected]>
Signed-off-by: xuezhaojun <[email protected]>
Signed-off-by: Mike Ng <[email protected]>
…ctions (stolostron#235) Update README.md to use the official OCM Helm chart repository URL and correct the namespace for verification commands. - Change helm repo URL from Azure blob storage to open-cluster-management.io - Update kubectl namespace from open-cluster-management-cluster-proxy to open-cluster-management-addon Signed-off-by: Meng Yan <[email protected]>
* chore: upgrade Go to 1.24.0 and update dependencies - Upgrade Go version from 1.23.6 to 1.24.0 in go.mod - Update Dockerfile to use golang:1.24.0 - Update GitHub Actions workflows to use Go 1.24 - Upgrade golang.org/x/net from v0.34.0 to v0.46.0 - Upgrade helm.sh/helm/v3 from v3.14.2 to v3.19.0 - Upgrade sigs.k8s.io/controller-runtime from v0.18.4 to v0.22.3 - Update vendor dependencies and run go mod tidy - All tests passing after upgrades Signed-off-by: zhujian <[email protected]> Signed-off-by: zhujian <[email protected]> * chore: upgrade controller-gen to v0.18.0 Upgrade controller-gen from v0.15.0 to v0.18.0 to resolve compatibility issues with Kubernetes v0.34.1 APIs and controller-runtime v0.22.3. The previous version (v0.15.0) was unable to parse the vendored k8s.io/api package, causing manifest generation failures. This upgrade fixes the "missing argument" and "unknown type" errors during CRD generation. Changes: - Update controller-gen version in Makefile to v0.18.0 - Regenerate CRD manifests with the new controller-gen version 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> Signed-off-by: zhujian <[email protected]> --------- Signed-off-by: zhujian <[email protected]> Signed-off-by: zhujian <[email protected]> Co-authored-by: Claude <[email protected]>
Signed-off-by: xuezhaojun <[email protected]>
The linelint check doesn't provide significant value and consistently blocks code merging. Removing it to streamline the CI/CD pipeline while maintaining other quality checks through the verify, build, unit, integration, and e2e jobs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: xuezhaojun <[email protected]> Co-authored-by: Claude <[email protected]>
Signed-off-by: xuezhaojun <[email protected]>
* Add go vendors. Signed-off-by: xuezhaojun <[email protected]> * Remove CHANGELOG-0.3.0.md file This removes the changelog file for version 0.3.0 as part of the changelog directory cleanup. Signed-off-by: xuezhaojun <[email protected]> --------- Signed-off-by: xuezhaojun <[email protected]>
…access managed cluster service on the hub side. Signed-off-by: xuezhaojun <[email protected]>
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: xuezhaojun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Collaborator
Author
|
Wrong repository, moving to upstream PR open-cluster-management-io#244 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a new service-proxy feature that enables users on the hub cluster to access services in managed clusters through an HTTPS proxy server with authentication and impersonation support.
Key Changes
New Components
Core Features
User Authentication & Impersonation
kubernetes.default.svccluster:hub:prefixHelm Chart Updates
ManagedProxyServiceResolverInfrastructure Improvements
Requirements
Testing
Related Documentation
🤖 Generated with Claude Code
Co-Authored-By: Claude [email protected]