Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Machine ID: Support path-based Kubernetes routing #50898

Draft
wants to merge 3 commits into
base: timothyb89/kubernetes-path-routing
Choose a base branch
from
Draft

Machine ID: Support path-based Kubernetes routing #50898

wants to merge 3 commits into from

Conversation

timothyb89
Copy link
Contributor

@timothyb89 timothyb89 commented Jan 9, 2025
edited
Loading

This adds a new kubernetes/v2 service to support path-based routing, which allows clients to access an arbitrary number of Kubernetes clusters using a single issued identity.

It can be used with tbot start kubernetes/v2 and specifying one or more explicit clusters with --kubernetes-cluster-name or a label selector with --kubernetes-cluster-labels.

Part of #40405. Requires #50567.

This was referenced Jan 9, 2025
Open
Merged
@timothyb89
Machine ID: Support path-based Kubernetes routing
d48395a 
This adds a new `kubernetes/v2` service to support path-based
routing, which allows clients to access an arbitrary number of
Kubernetes clusters using a single issued identity.

It can be used with `tbot start kubernetes/v2` and specifying one or
more explicit clusters with `--kubernetes-cluster-name` or a label
selector with `--kubernetes-cluster-labels`.
@timothyb89
Added tests for new Kubernetes selector behavior
ca8db25
@timothyb89
Fix failing tests
eef0afc
@timothyb89 timothyb89 force-pushed the timothyb89/kubernetes-path-routing-tbot branch from c5e81d3 to eef0afc Compare January 14, 2025 03:59
strideynet
strideynet reviewed Jan 14, 2025
View reviewed changes
lib/tbot/config/service_kubernetes_v2.go
type KubernetesSelector struct {
Name string `yaml:"name,omitempty"`

Labels map[string]string `yaml:"labels,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When specifying selectors throughout the rest of Teleport, we usually seem to support multiple values being provided as an OR. Perhaps we ought to support that here for consistency.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's always a chance I'm just missing a better API, but we don't seem to expose any generic RPC for querying resources with a list of label values from a client. ListResources only supports a map[string]string label selector, sadly. This API also doesn't accept wildcards, which is unfortunate.

That does put this at odds with #50812 which has explicit server-side support for full label queries through its RPC. What do you think, does this limitation pose a significant UX problem?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah - in which case, let's leave it as is for now. I'd figured that the ListResources API would support this but apparently not. It should be possible to migrate from map[string]string to map[string][]string at a later date anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strideynet strideynet strideynet left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timothyb89 @strideynet