Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom Endpoint Support #1391

Open
barbacbd opened this issue Jan 13, 2025 · 8 comments
Open

Custom Endpoint Support #1391

barbacbd opened this issue Jan 13, 2025 · 8 comments
Assignees
@richardcase @cpanato @salasberryfin
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@barbacbd
Copy link
Contributor

/kind feature

Describe the solution you'd like
[A clear and concise description of what you want to happen.]
As a user I want to be able to use GCP Restricted and/or Private API endpoints while deploying OpenShift so I can be complaint with my company security policies.

For users with strict regulatory policies, Private Service Connect allows private consumption of services across VPC networks that belong to different groups, teams, projects, or organizations. Supporting these private endpoints is key for these customers to be able to deploy the platform on GCP and be complaint with their regulatory policies.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
This will require API changes to allow the users to supply any/all API Endpoint information. This will require a strict structure to manage valid service names. For instance "compute" should be excepted as a key or name of a service but "comp" cannot be accepted. This will probably require extra documentation.
@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 13, 2025
@barbacbd
Copy link
Contributor Author

/cc @patrickdillon

@barbacbd
Copy link
Contributor Author

/cc @damdo

@barbacbd
Copy link
Contributor Author

Would it be better to add something like

ServiceEndpoints map[string]string `json:"serviceEndpoints,omitempty"`

To the cluster spec (and status) or to the Controller?

@damdo
Copy link
Member

damdo commented Jan 14, 2025

/assign @richardcase @salasberryfin @cpanato
For reviews

@damdo
Copy link
Member

damdo commented Jan 14, 2025

@barbacbd where are the touchpoints in code where these service endpoints will be plugging in (overriding the default I guess)?

@patrickdillon
Copy link

patrickdillon commented Jan 14, 2025
edited
Loading

It might be worth noting that CAPA passes the aws equivalent endpoints through flags: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/pkg/cloud/endpoints/endpoints.go

@barbacbd
Copy link
Contributor Author

@damdo The place where these would actually be set is in this file: https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/cloud/scope/clients.go.

There is currently an example here: https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/cloud/scope/clients.go#L151. Similarly, we would need these for any client we create. In this case though we can pass a *string or string. If there is a value set for the endpoint override then we would add that as an opt option when creating the client for that particular service.

@damdo
Copy link
Member

damdo commented Jan 15, 2025

Sound a reasonable feature to me.
Happy to review a PR that implements this for CAPG.
Do you agree @cpanato @richardcase @salasberryfin ?

@barbacbd barbacbd mentioned this issue Jan 22, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@richardcase richardcase

@cpanato cpanato

@salasberryfin salasberryfin

Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@richardcase @cpanato @patrickdillon @damdo @salasberryfin @barbacbd @k8s-ci-robot