-
Epic
-
Resolution: Done
-
Critical
-
MCE 2.5.0
Epic Goal
Support the ability for a proxy connection between the hub and managed clusters
Why is this important?
- Customers have scenarios where firewalls may be in place between where the ACM hub is located and where the managed cluster is located.
- Open Cluster Management's networking model leverages an mTLS connection from the spoke to the hub api server.
Scenarios
- Support Use Case 1 and Use Case 2:
- Case 1: The managed cluster connects to a virtual IP/load balancer of the hub kube-apiserver instead of the OpenShift default external load balancer.
Case 2: The hub kube-apiserver is exposed with a reverse proxy (like NGINX and HAProxy) or API gateway. - https://docs.google.com/document/d/1QKK-sQ_KNuYdFily2G_cIuoyVdy6hUODmuRuA6vBArE/edit#heading=h.2395n33tp3ev
- Case 1: The managed cluster connects to a virtual IP/load balancer of the hub kube-apiserver instead of the OpenShift default external load balancer.
Acceptance Criteria
- Klusterlet and addons can traverse a proxy
- Leverages the global proxy setting when present on the ManagedCluster
- Can be overridden.
Dependencies (internal and external)
- ...
Previous Work (Optional):
- ...
Open questions:
- ...
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue> - DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue> - DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>