Feature Description
I was following this guide to set up a test environment: https://github.com/kcp-dev/kcp/pull/3712/files. The example focuses on the use of LB services, which I wanted to avoid. So, my setup included internal communication over ClusterIP services across all resources mentioned in the example: FrontProxy, Shard, RootShard. For the FrontProxy, here's the complete spec:
```yaml
spec:
  auth:
    oidc:
      clientID: platform-mesh
      clientSecret: token
      groupsClaim: groups
      groupsPrefix: 'oidc:'
      issuerURL: 'example.com'
      usernameClaim: email
      usernamePrefix: 'oidc:'
    serviceAccount:
      enabled: true
  caBundleSecretRef:
    name: letsencrypt-ca
  certificateTemplates:
    server:
      metadata:
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-test
      spec:
        dnsNames:
          - test.vespucci.com
        issuerRef:
          group: cert-manager.io
          kind: ClusterIssuer
          name: letsencrypt-test
  external:
    hostname: test.vespucci.com
    port: 6443
  rootShard:
    ref:
      name: root
  serviceTemplate:
    spec:
      type: ClusterIP
```
The problem is, the kubeconfig generated for the FrontProxy has port 6443 mentioned in the URL, which is right when LBs are used but wrong when Ingress is used.
I was wondering if there's an option to fix that in the operator, if not, I'd like it to be implemented.
Proposed Solution
The operator should make a distinction between both approaches, or assume ingress-based routing when ClusterIP is used with an external block also mentioned in the FrontProxy CR.
Alternative Solutions
A separate set of automation to strip the port from the kubeconfig URL.
Want to contribute?
- I would like to work on this issue.
Additional Context
No response
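A sketch of the "strip port from kubeconfig URL" workaround listed under Alternative Solutions, added here as an example and not taken from the issue or from kcp-operator. The function names, the `/clusters/root` path and the sample kubeconfig are constructed assumptions; the rewrite is line-based and assumes each `server:` value sits on one line. Only https URLs for the expected hostname and port are touched, so other clusters and the CA data stay as generated.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# A kubeconfig "server:" line: indentation, optional quote, URL, same quote.
SERVER_LINE = re.compile(
    r'^(?P<lead>\s*server:\s*)(?P<q>["\']?)(?P<url>\S+?)(?P=q)\s*$')


def strip_port(url, hostname, port=6443):
    """Drop `port` from `url` only when it is https://<hostname>:<port>."""
    try:
        parts = urlsplit(url)
        url_port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return url
    if parts.scheme != "https" or parts.username is not None:
        return url
    if parts.hostname != hostname.lower() or url_port != port:
        return url
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def rewrite_kubeconfig(text, hostname, port=6443):
    """Return kubeconfig text with the port removed from matching server URLs."""
    out = []
    for line in text.splitlines():
        m = SERVER_LINE.match(line)
        if m:
            new_url = strip_port(m["url"], hostname, port)
            line = f"{m['lead']}{m['q']}{new_url}{m['q']}"
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample, not output from the operator.
SAMPLE = """\
clusters:
- name: front-proxy
  cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://test.vespucci.com:6443/clusters/root
- name: other
  cluster:
    server: "https://10.0.0.5:6443"
"""

if __name__ == "__main__":
    print(rewrite_kubeconfig(SAMPLE, "test.vespucci.com"), end="")
```

With the port removed, clients fall back to the https default of 443, so this only helps when the Ingress serves the FrontProxy hostname on that port.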