Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deploy es-kube-controllers in a multi-tenant environment #3142

Merged
merged 7 commits into from
Mar 8, 2024
Merged

Deploy es-kube-controllers in a multi-tenant environment #3142

merged 7 commits into from
Mar 8, 2024

Conversation

asincu
Copy link
Contributor

@asincu asincu commented Jan 27, 2024
edited
Loading

Description

Deploy es kube controllers in a tenant namespace to enable license copy in the managed clusters. We will use a new configuration managedclusterlicensing, that only deploy the licensing controller. We also need to impersonate kube-controllers service account from calico-system namespace, since this is the one that has rights inside the managed cluster.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@asincu asincu requested a review from a team as a code owner January 27, 2024 00:15
@marvin-tigera marvin-tigera added this to the v1.33.0 milestone Jan 27, 2024
@danudey danudey modified the milestones: v1.33.0, v1.33.1, v1.34.0 Jan 31, 2024
@asincu asincu force-pushed the multi_tenant_licensing branch 3 times, most recently from 07465e7 to 4a2e524 Compare February 8, 2024 00:19
rene-dekker
rene-dekker approved these changes Feb 12, 2024
View reviewed changes
Copy link
Member

@rene-dekker rene-dekker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

caseydavenport
caseydavenport reviewed Mar 6, 2024
View reviewed changes
pkg/controller/logstorage/kubecontrollers/es_kube_controllers.go
if err != nil {
r.status.SetDegraded(operatorv1.ResourceReadError, "Failed to get kube controllers gateway secret", err, reqLogger)
return reconcile.Result{}, err
var kubeControllersUserSecret *core.Secret
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs a comment explaining that this secret is only used for talking to es-gateway, and that when running in multi-tenant mode es-kube-controllers doesn't talk to es-gateway.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo: "eskube controllers" should be "es-kube-controllers"

caseydavenport
caseydavenport approved these changes Mar 7, 2024
View reviewed changes
Copy link
Member

@caseydavenport caseydavenport left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@asincu one typo but otherwise LGTM

@asincu asincu merged commit 319da40 into tigera:master Mar 8, 2024
5 checks passed
@asincu asincu deleted the multi_tenant_licensing branch March 8, 2024 01:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caseydavenport caseydavenport caseydavenport approved these changes

@rene-dekker rene-dekker rene-dekker approved these changes

Assignees
No one assigned
Labels
docs-pr-required release-note-required
Projects
None yet
Milestone
v1.34.0
Development

Successfully merging this pull request may close these issues.
5 participants
@asincu @caseydavenport @rene-dekker @danudey @marvin-tigera