Skip to content

bindata/bootkube: use loopback kubeconfig to talk to API #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jhixson74 wants to merge 1 commit into from
Closed

bindata/bootkube: use loopback kubeconfig to talk to API #156

jhixson74 wants to merge 1 commit into from

Conversation

@jhixson74
Copy link
Member

@jhixson74 jhixson74 commented Jul 23, 2019
edited
Loading

This code modifies cluster-kube-scheduler-operator to use a kubeconfig configured for localhost API access.

This is necessary due to a limitation with Azure internal load balancers. See limitation #2 here: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#limitations

"Unlike public Load Balancers which provide outbound connections when transitioning from private IP addresses inside the virtual network to public IP addresses, internal Load Balancers do not translate outbound originated connections to the frontend of an internal Load Balancer as both are in private IP address space. This avoids potential for SNAT port exhaustion inside unique internal IP address space where translation is not required. The side effect is that if an outbound flow from a VM in the backend pool attempts a flow to frontend of the internal Load Balancer in which pool it resides and is mapped back to itself, both legs of the flow don't match and the flow will fail."

kubeconfig-loopback is generated by the installer.

https://jira.coreos.com/browse/CORS-1094

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 23, 2019

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jhixson74
To complete the pull request process, please assign ravisantoshgudimetla
You can assign the PR to them by writing /assign @ravisantoshgudimetla in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 23, 2019
@jhixson74 jhixson74 force-pushed the master_azure_restrict_bootstrap_clients branch from ad23123 to 511ec56 Compare July 25, 2019 00:01
@jhixson74 jhixson74 changed the title bindata/bootkube/config: use loopback kubeconfig to talk to API bindata/bootkube: use loopback kubeconfig to talk to API Jul 25, 2019
This was referenced Jul 25, 2019
Closed
Merged
@sjenning
Copy link
Contributor

sjenning commented Jul 29, 2019

/retest

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 29, 2019
edited
Loading

@jhixson74: The following tests failed, say /retest to rerun them all:

Test name Commit Details Rerun command
ci/prow/e2e-aws 511ec56 link /test e2e-aws
ci/prow/e2e-aws-serial 511ec56 link /test e2e-aws-serial
ci/prow/e2e-aws-operator 511ec56 link /test e2e-aws-operator

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@jhixson74
Copy link
Member Author

jhixson74 commented Jul 30, 2019

This PR is no longer necessary, so I'm closing it out.

@jhixson74 jhixson74 closed this Jul 30, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ravisantoshgudimetla ravisantoshgudimetla Awaiting requested review from ravisantoshgudimetla

@sjenning sjenning Awaiting requested review from sjenning

Assignees

No one assigned

Labels

size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jhixson74 @openshift-ci-robot @sjenning