Comments (10)
pmorie
commented on June 24, 2024
@onyiny-ang is going to look at this.
from cluster-registry.
perotinus
commented on June 24, 2024
Thanks @onyiny-ang!
I'm looking forward to seeing this! Hopefully the Helm chart won't diverge too much from what crinit is doing, and we'll be able to document it well enough that users understand how to set up the registry the way they want.
from cluster-registry.
onyiny-ang
commented on June 24, 2024
@perotinus I will do my best and am completely new to Helm charts so bear with me!
from cluster-registry.
perotinus
commented on June 24, 2024
@onyiny-ang @pmorie Any updates on this? I remember in the last SIG meeting there were some concerns raised around whether a Helm chart would be able to support the authentication setup that was necessary.
from cluster-registry.
pmorie
commented on June 24, 2024
@perotinus If you know all the CNs you need to sign a certificate with for the cluster registry, then you should be able to write a helm chart that does everything you need.
However, I don't think that it will be possible to write a helm chart that signs a certificate for a dynamically allocated IP for an external load balancer. The IP address would be one of the CNs you would need to know in advance to sign the certificate for the cluster registry with.
Does that make sense?
from cluster-registry.
font
commented on June 24, 2024
@perotinus We are limited by the fact that we are looking to support a cluster registry deployed both as an aggregated and standalone API server. The helm chart would work for the aggregated API server use-case, or the standalone when using NodePort only. But as @pmorie states, a helm chart would not work when using an external load balancer.
from cluster-registry.
perotinus
commented on June 24, 2024
@font @pmorie Thanks for those explanations, that makes a lot of sense.
Do you think there's value in pursuing a Helm chart for aggregated deployments (and NodePort-based independent deployments)? It seems reasonable that people would want these, it is probably an easier ramp-up path than the tool, and I'm not opposed to having multiple supported deployment models as long as there isn't then pressure to support every deployment model specifically.
from cluster-registry.
perotinus
commented on June 24, 2024
Also, I imagine that an external load balancer would work if you could provide (or predict) its DNS name?
from cluster-registry.
font
commented on June 24, 2024
@perotinus I imagine there may be requests to support a Helm chart for the CR - especially if the aggregated deployment model well supported by a Helm chart ends up being the most common. Additionally, we'd probably have to support all the deployment models for which we create tools so we should be careful.
Yes, I think that would work if we knew the external load balancer IP/DNS CNAME before signing the certificate. Or if Helm adds the ability to store state between different chart dependencies such that it could wait for that load balancer IP before signing.
Additionally, we may want to look at helm plugins to see if something like this is doable.
from cluster-registry.
pmorie
commented on June 24, 2024
Closing for now. Doesn't look like this is tractable as a solution for crinit.
from cluster-registry.
Related Issues (20)
- crinit aggregated init fail due to cannot create the clusterrole HOT 5
- crinit standalone init failed HOT 5
- Determine scoping of Cluster registry types HOT 5
- Determine name of 'public' namespace for globally accessible cluster records HOT 6
- `crinit standalone init mycr mycluster.icp-context` hang HOT 2
- Wrong cp command in the examples/samplecontainer/README.md HOT 1
- Follow-up tasks for CRD conversion HOT 4
- setting up cluster registry fails HOT 2
- How to deploy storage-provisioner HOT 1
- Where to get federation image HOT 2
- Upgrade kubebuilder to 0.1.12 HOT 1
- Link to YAML for CRD leads to 404 on website
- CRD definition is broken on kube 1.11.1 cluster HOT 6
- Add missing go tools. HOT 4
- kubefed2 join fails with gke clusters HOT 1
- Consider removing generated client HOT 4
- Re-generate client to make it compilable with 1.13 libraries HOT 10
- Support custom metadata per cluster HOT 4
- fix invalid links HOT 4
- Dead project? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cluster-registry.