Kubernetes Control Plane Charm

New kubernetes-client relation

Bug #1886982 reported by Ryan Farrell on 2020-07-09

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Kubernetes Control Plane Charm	Triaged	Wishlist	Unassigned

Bug Description

We are working to create a new charm for externally monitoring health of the kubernetes cluster in which the charm requires access to the kube-api. Currently we can use the two existing relations kube-api-endpoint, which provides the api url + port and kube-control, which contains a client token used to authenticate with the kube-api-server. This currently allows access to the API but since we are lacking the trusted ssl ca cert, it must be done with no cert checks, unless kubernetes-service-checks also relates to easyrsa with the certificates relation. This seems a bit heavy.

Instead of consuming 3 relatons to just act as a client to k8s, kubernetes-master charm ought to offer a new relation "kubernetes-client" which can provide all the necessary information through a single interface:

  k8s-api-hostname or ip,
  k8s-api-port
  trusted_ssl_ca
  client_token

George Kraft (cynerva) on 2020-07-10

Changed in charm-kubernetes-master:
importance:	Undecided → Wishlist
status:	New → Triaged

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.