-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
None
https://github.com/open-cluster-management-io/cluster-proxy
Can the ACM cluster proxy for API be used to connect to the API servers on each spoke cluster? The reverse proxy is currently in tech preview. There are some changes in the reverse proxy implementation between ACM 2.5 and 2.6 which are likely API breaking. We should target the 2.6 version for the spike.
We should validate that we're able to connect to spoke clusters through the proxy using the user's access token on the hub cluster without needing to authenticate with the spoke clusters or set up additional OAuth clients. This will allow us to pierce firewalls and remove a large amount of the backend and operator code for multi-cluster.
Acceptance criteria
- Create basic prototype (console repository)
- Document any issues we've found for the ACM team
- Verify you can use the access token from the hub cluster to access spoke clusters
- Verify the user's permissions on the spoke clusters are honored
Out of scope
- Operator changes to remove the ManagedClusterView/Action resources
- Proxying to monitoring endpoints
- blocks
-
CONSOLE-3079 Evaluate moving cluster list watch to frontend
-
- To Do
-
- is cloned by
-
-
- Closed
-
- is related to
-
ACM-1140 Refactor cluster-proxy-addon with upstream version cluster-proxy
-
- Closed
-
-
-
- Closed
-
- links to
