operator: Support trusted_cluster resources #49920

Open
wants to merge 34 commits into
base: master

Contributor

@bernardjkim bernardjkim commented Dec 7, 2024

Supports #22474
Requires #49789

Todo: Write up guide for managing trusted_clusters with the teleport operator
Changelog: Add trusted_cluster support for the teleport operator.

This supersedes UpsertTrustedCluster rpc. V2 performs resource name
validation.
- Remove unnecessary ping
- Update error messages
- Use skipNameValidation consts
- Validate cluster name before establishing trust
- Do not reveal cluster name in error message
- Use BadParameter instead of CompareFailed
1. Run `make manifests`.
2. Run `make -C crdgen update-protos`.
3. Run `make -C crdgen update-snapshot`.

github-actions bot commented Dec 7, 2024

🤖 Vercel preview here: https://docs-9489cues6-goteleport.vercel.app/docs

🤖 Vercel preview here: https://docs-bp1r7r3xa-goteleport.vercel.app/docs

🤖 Vercel preview here: https://docs-3fqm1fpmj-goteleport.vercel.app/docs

@marcoandredinis marcoandredinis removed their request for review December 18, 2024 14:28
Base automatically changed from bernard/upsert-trusted-cluster-v2 to master December 21, 2024 04:43
@public-teleport-github-review-bot

@bernardjkim - this PR will require admin approval to merge due to its size. Consider breaking it up into a series of smaller changes.

github-actions bot commented Jan 6, 2025

Amplify deployment status

| Branch | Commit | Job ID | Status | Preview | Updated (UTC) |
|---|---|---|---|---|---|
| bernard/operator-trusted-cluster | 97a97ad | 3 | ✅ SUCCEED | bernard-operator-trusted-cluster | 2025-01-09 19:24:12 |

@bernardjkim
Contributor Author

Hey @rosstimothy, would appreciate an admin approval if you have some time.

@@ -47,6 +47,7 @@ func SetupAllControllers(log logr.Logger, mgr manager.Manager, teleportClient *c
{"TeleportProvisionToken", NewProvisionTokenReconciler},
{"TeleportOpenSSHServerV2", NewOpenSSHServerV2Reconciler},
{"TeleportOpenSSHEICEServerV2", NewOpenSSHEICEServerV2Reconciler},
{"TeleportTrustedClusterV2", NewTrustedClusterV2Reconciler},
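
Review bot: The added `{"TeleportTrustedClusterV2", NewTrustedClusterV2Reconciler}` entry uses a version-suffixed kind name while `TeleportProvisionToken` just above it has none, and nothing at this point in the list says why. A one-line comment on the list stating when a kind carries the resource version in its name would keep the next addition consistent.
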
Contributor

Did the operator have a V1 for TrustedClusters? If not can we drop the V2 here and everywhere else in this PR?

Contributor

Since v16, new CR/CRDs reflect the resource version in their kind/name. This is required to cope with Teleport resource versioning strategy. Existing resources have not been migrated yet.

Contributor

Is this documented anywhere or tribal knowledge?

Comment on lines +35 to +36
// TeleportTrustedClusterV2 is the Schema for the trusted_clusters API
type TeleportTrustedClusterV2 struct {
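
Review bot: The doc comment on `TeleportTrustedClusterV2` only says it is the schema for the trusted_clusters API and does not say what the `V2` in the type name refers to. Extend the comment to name the trusted_cluster resource version this kind maps to, so the suffix is explained where the type is defined.
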
Contributor

Why do we need the V2 suffix?

5 participants