gardener / gardener-extension-provider-azure

Gardener extension controller for the Azure cloud provider (https://azure.microsoft.com).
https://gardener.cloud
Apache License 2.0

Expose NAT gateway IP in the shoot cluster #606

Open pbochynski opened 1 year ago

pbochynski commented 1 year ago

How to categorize this issue?

/kind enhancement

What would you like to be added:
Gardener can create multiple NAT Gateways: https://gardener.cloud/docs/extensions/infrastructure-extensions/gardener-extension-provider-azure/docs/usage-as-end-user/#example-shoot-manifest-zoned-with-nat-gateways-per-zone
Please expose NAT Gateway IP(s) in the shoot cluster using a custom resource or config map (e.g. shoot-info)

Why is this needed:
There is no simple way to figure out what is the IP address (addresses) of the NAT Gateway in the unified way (the only way is to use cloud provider API to figure it out).
Users need it for configuring IP whitelisting in various services.

Maybe you can reopen this proposal: https://github.com/gardener/gardener/issues/3873

gardener-prow[bot] commented 1 year ago

@pbochynski: The label(s) area/todo cannot be applied, because the repository doesn't have them.

In response to [this](https://github.com/gardener/gardener-extension-provider-azure/issues/606):

>**How to categorize this issue?**
>
>/area TODO
>/kind enhancement
>
>**What would you like to be added**:
>Gardener can create multiple NAT Gateways: https://gardener.cloud/docs/extensions/infrastructure-extensions/gardener-extension-provider-azure/docs/usage-as-end-user/#example-shoot-manifest-zoned-with-nat-gateways-per-zone
>Please expose NAT Gateway IP(s) in the shoot cluster using a custom resource or config map (e.g. shoot-info)
>
>**Why is this needed**:
>There is no simple way to figure out what is the IP address (addresses) of the NAT Gateway in the unified way (the only way is to use cloud provider API to figure it out).
>Users need it for configuring IP whitelisting in various services.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

kon-angelo commented 1 year ago

@pbochynski We are considering exposing the infrastructure provider status as an additional field to the shoot status. Would that work as a way to access this information or do you specifically need this info to be exposed in the shoot cluster?

pbochynski commented 1 year ago

In our case (Kyma), we do not expose the garden project to end users, so they don't have access to the shoot status. It would be better to have it propagated to the shoot. But we also can do the replication ourselves. Having the IP in the shoot status will help anyway, as we don't have to use cloud provider APIs and use Gardener API as an abstraction on top.

pbochynski commented 10 months ago

It is still valid