Skip to content

Deprecate ExternalHostname string in favor of External structure #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kcp-ci-bot merged 2 commits into from
Oct 17, 2025
Merged

Deprecate ExternalHostname string in favor of External structure #113

kcp-ci-bot merged 2 commits into from
Oct 17, 2025

Conversation

@mjudeikis
Copy link
Contributor

@mjudeikis mjudeikis commented Oct 14, 2025

Summary

This PR deprecates the ExternalHostname string field in the FrontProxySpec in favor of a new structured External configuration that provides more flexibility for configuring external access to front-proxy instances.

Key Changes

API Changes

  • Deprecate FrontProxySpec.ExternalHostname field with deprecation notice
  • Add new FrontProxySpec.External structure of type ExternalConfig with the following fields:
    • Hostname (required): External hostname for the front-proxy
    • Port (required): External port for the front-proxy
    • PrivateHostname (optional): Internal hostname for kcp component communication
    • PrivatePort (optional): Internal port for kcp component communication
  • Extend RootShard.Spec.External with optional PrivateHostname and PrivatePort fields for internal access patterns
  • Add CEL validation rule preventing simultaneous use of deprecated ExternalHostname and new External.hostname fields

Implementation Updates

  • Update kubeconfig generation logic to prioritize FrontProxy.Spec.External configuration over deprecated field
  • Update certificate generation to include private hostnames in DNS SANs when configured
  • Update RootShard external kubeconfig generation to support private hostname/port for internal communication
  • Pass FrontProxy object through kubeconfig controller chain for proper external configuration resolution

Backward Compatibility

The deprecated ExternalHostname field is maintained for backward compatibility. Existing configurations will continue to work, but users are encouraged to migrate to the new External structure.

What Type of PR Is This?

/kind api-change
/kind deprecation
/kind feature

Related Issue(s)

Fixes #

Release Notes

Deprecate FrontProxySpec.ExternalHostname in favor of structured External configuration with support for separate internal/external hostnames and ports.

@kcp-ci-bot kcp-ci-bot added kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. kind/feature Categorizes issue or PR as related to a new feature. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 14, 2025
@mjudeikis mjudeikis requested a review from Copilot October 14, 2025 10:32
Copilot AI reviewed Oct 14, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR deprecates the ExternalHostname string field in the FrontProxySpec in favor of a new structured External configuration that provides more flexibility for configuring external access to front-proxy instances.

  • Add new External structure with hostname, port, and optional private hostname/port fields for both FrontProxy and RootShard specs
  • Deprecate ExternalHostname field with CEL validation to prevent simultaneous use of old and new fields
  • Update kubeconfig and certificate generation logic to prioritize the new External configuration

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
frontproxy_types.go Adds new External field and deprecates ExternalHostname with CEL validation
rootshard_types.go Extends ExternalConfig with optional PrivateHostname and PrivatePort fields
kubeconfig/secret.go Updates kubeconfig generation to use new External configuration
frontproxy/certificates.go Updates certificate generation to include private hostnames in DNS SANs
controller/kubeconfig/controller.go Passes FrontProxy object through controller chain
rootshard/kubeconfigs.go Adds support for private hostname/port in RootShard kubeconfig generation
Various generated files Auto-generated code updates for new fields and deepcopy methods
CRD files Updates to CustomResourceDefinition schemas for new fields
run-e2e-tests.sh Adds health probe bind address configuration

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

internal/resources/frontproxy/certificates.go Outdated
Comment on lines 85 to 95
dnsNames = append(dnsNames, r.rootShard.Spec.External.Hostname)
if r.rootShard.Spec.External.PrivateHostname != "" {
dnsNames = append(dnsNames, r.rootShard.Spec.External.PrivateHostname)
}

// DEPRECATED: keep support for the deprecated ExternalHostname field for now
// to not break existing front-proxy installations.
if r.frontProxy.Spec.ExternalHostname != "" {
dnsNames = append(dnsNames, r.frontProxy.Spec.ExternalHostname)
} else {
dnsNames = append(dnsNames, r.rootShard.Spec.External.Hostname)
Copy link

Copilot AI Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic doesn't handle the new External.Hostname field. When using the new External configuration, the hostname from External.Hostname should be added to dnsNames, but this code only adds the deprecated ExternalHostname or falls back to rootShard hostname.

Suggested change
dnsNames = append(dnsNames, r.rootShard.Spec.External.Hostname)
if r.rootShard.Spec.External.PrivateHostname != "" {
dnsNames = append(dnsNames, r.rootShard.Spec.External.PrivateHostname)
}
// DEPRECATED: keep support for the deprecated ExternalHostname field for now
// to not break existing front-proxy installations.
if r.frontProxy.Spec.ExternalHostname != "" {
dnsNames = append(dnsNames, r.frontProxy.Spec.ExternalHostname)
} else {
dnsNames = append(dnsNames, r.rootShard.Spec.External.Hostname)
if r.rootShard.Spec.External.Hostname != "" {
dnsNames = append(dnsNames, r.rootShard.Spec.External.Hostname)
}
if r.rootShard.Spec.External.PrivateHostname != "" {
dnsNames = append(dnsNames, r.rootShard.Spec.External.PrivateHostname)
}
// Add the new External.Hostname field from the frontProxy spec if set
if r.frontProxy.Spec.External != nil && r.frontProxy.Spec.External.Hostname != "" {
dnsNames = append(dnsNames, r.frontProxy.Spec.External.Hostname)
}
// DEPRECATED: keep support for the deprecated ExternalHostname field for now
// to not break existing front-proxy installations.
if r.frontProxy.Spec.ExternalHostname != "" {
dnsNames = append(dnsNames, r.frontProxy.Spec.ExternalHostname)

Copilot uses AI. Check for mistakes.
internal/resources/kubeconfig/secret.go
Comment on lines +125 to +131
// New flow:
if frontProxy.Spec.External.Hostname != "" {
serverURL = fmt.Sprintf("https://%s:%d", frontProxy.Spec.External.Hostname, frontProxy.Spec.External.Port)
} else {
// Old flow:
serverURL = fmt.Sprintf("https://%s:%d", rootShard.Spec.External.Hostname, rootShard.Spec.External.Port)
}
Copy link

Copilot AI Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing fallback to deprecated ExternalHostname field. The logic should check for the deprecated ExternalHostname when External.Hostname is empty, before falling back to rootShard configuration.

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@mjudeikis mjudeikis Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its ok. ExternalHostname was never used here

@mjudeikis mjudeikis requested a review from embik October 14, 2025 10:33
@mjudeikis mjudeikis mentioned this pull request Oct 14, 2025
Closed
@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 14, 2025

/retest

@embik
Copy link
Member

embik commented Oct 14, 2025

/retest

?

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 14, 2025

/retest

?

Trying locally, as these looks like old flakes

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 15, 2025

/retest
last try before I start debugging

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 15, 2025

/retest

2 similar comments
@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 15, 2025

/retest

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 16, 2025

/retest

@embik
Copy link
Member

embik commented Oct 16, 2025

/retest

still flaky but different flaky, I guess.

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 16, 2025

/retest

1 similar comment
@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 17, 2025

/retest

@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 17, 2025

/retest
lets see what CI tells us

@mjudeikis mjudeikis force-pushed the mjudeikis/deprecate.fp.url.setting branch from 76fcccf to d0d2a7c Compare October 17, 2025 06:40
@mjudeikis
Copy link
Contributor Author

mjudeikis commented Oct 17, 2025

/retest
kcp got bumped

@mjudeikis mjudeikis force-pushed the mjudeikis/deprecate.fp.url.setting branch from d0d2a7c to b14dbd3 Compare October 17, 2025 08:07
embik
embik approved these changes Oct 17, 2025
View reviewed changes
Copy link
Member

@embik embik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 17, 2025
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Oct 17, 2025

LGTM label has been added.

Git tree hash: f06199360dfe2d1c5e16b8879696e0a336073f06

@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Oct 17, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: embik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 17, 2025
@kcp-ci-bot kcp-ci-bot merged commit 3923c22 into kcp-dev:main Oct 17, 2025
10 checks passed
@mjudeikis mjudeikis mentioned this pull request Oct 20, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@embik embik embik approved these changes

Assignees

@embik embik

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mjudeikis @embik @kcp-ci-bot