Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: openshift-4.12
Affects Version/s: None
Labels:
- Azure
- ServiceDelivery

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
SD ARO

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

In ARO we are using PrivateEndpoints, part of PrivateLinkService https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview. We use the PrivateLink to enable maintenance on customer clusters.

As part of the existing design, selected for its ability to support customer custom domains (not only default one), we are utilizing the DialContext e.g.

restconfig.Dial = DialContext(privateEndpointAddress, privateEndpointPort)

This forward the requests to the right PrivateEndpoint IP address, but still allows for URL resolution on the customer cluster, so that the API server is properly reached.

I have prepared the short gist with a snippet how it is done in the ARO

// Extracted example how ARO uses dialcontext propert of restconfig 
// to forward requests to cluster API server via privateEndpoint

package main

import (
    "context"
    "fmt"
    "net"
    "os"
    "time"    "k8s.io/client-go/tools/clientcmd"
)

func DialContext(privateEndpointAddress string, port string) func(ctx context.Context, network, address string) (net.Conn, error) {
    return func(ctx context.Context, network, address string) (net.Conn, error) {
        if network != "tcp" {
            return nil, fmt.Errorf("unimplemented network %q", network)
        }        return (&net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 30 * time.Second,
        }).DialContext(ctx, network, privateEndpointAddress+":"+port)
    }
}func main() {
    kubeconfig := os.Getenv("KUBECONFIG")
    privateEndpointAddress := os.Getenv("PE_ENDPOINT")
    privateEndpointPort := os.Getenv("PE_PORT")
    config, err := clientcmd.Load([]byte(kubeconfig))
    if err != nil {
        panic(err)
    }    
    
    restconfig, err := clientcmd.NewDefaultClientConfig(*config, &clientcmd.ConfigOverrides{}).ClientConfig()
    if err != nil {
        panic(err)
    }    
    
    restconfig.Dial = DialContext(privateEndpointAddress, privateEndpointPort)    
    
    return
}

If for any reason the formatting is wrong the same gist https://gist.github.com/petrkotas/22e23e31b848581d908dd10e1f8981af

Would you please provide the same configurable option to use the DialContext in HIVE? ARO would provide `kubeconfig`, `privateEndpointAddress` and `port`.

Without this functionality the HIVE will not be able to reach customer clusters.

Alternative designs have been considered, however none provided the required functionality.

links to

openshift/hive#1817: Azure private endpoint support

Assignee:: Mingxia Huang

Reporter:: Petr Kotas

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022/07/01 12:08 PM

Updated:: 2022/08/26 2:16 PM

Resolved:: 2022/07/29 3:14 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates