@SataQiu (Member) commented Oct 26, 2025

What type of PR is this?

/kind feature

What this PR does / why we need it:

kubeadm: support specifying HTTP endpoints for external etcd.

Which issue(s) this PR is related to:

Fixes kubernetes/kubeadm#3234

Special notes for your reviewer:

Does this PR introduce a user-facing change?

kubeadm: Add `HTTPEndpoints` field to `ClusterConfiguration.Etcd.ExternalEtcd` that can be used to configure the HTTP endpoints for etcd communication in v1beta4. This field is used to separate the HTTP traffic (such as /metrics and /health endpoints) from the gRPC traffic handled by Endpoints. This separation allows for better access control, as HTTP endpoints can be exposed without exposing the primary gRPC interface. Corresponds to etcd's `--listen-client-http-urls` configuration. If not provided, Endpoints will be used for both gRPC and HTTP traffic.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Oct 26, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SataQiu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 26, 2025
// HTTPEndpoints are the HTTP endpoints used to communicate with the etcd cluster.
// If not provided, the same values as in Endpoints are used.
// +optional
HTTPEndpoints []string `json:"httpEndpoints,omitempty"`
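Review bot: the doc comment on `HTTPEndpoints` says only that these are "the HTTP endpoints used to communicate with the etcd cluster", which leaves a user unable to tell which requests go to this list rather than to `Endpoints`, or which URL schemes are accepted. Suggest naming the traffic that uses these endpoints and the allowed schemes in the comment, so that the validation rules for the field can be checked against its documented contract.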
Member

The existing endpoints list is validated to have http protocol in the URLs.

I think this is missing some validation in:

https://github.com/SataQiu/kubernetes/blob/c080adc2364aee7a275a9cccaf96ca8eef785c2b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go#L332C29-L332C41

  • endpoints should be validated to be non-empty and to have https?
  • if httpEndpoints is not empty we should also validate it for https?

Member

new types should be documented in doc.go following the similar pattern from before explaining in what release it was added.

Member Author

Updated. httpEndpoints can be http instead of https.
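The checks discussed in this review thread, together with the fallback described in the release note, as an added Go example that is not kubeadm's code. The `ExternalEtcd` struct, `checkURLs`, `Validate` and `EffectiveHTTPEndpoints` are hypothetical names, and "https?" is read here as accepting either `http` or `https` for both lists.

```go
package main

import (
	"fmt"
	"net/url"
)

// ExternalEtcd is a hypothetical stand-in for the two fields discussed here; it is not the kubeadm type.
type ExternalEtcd struct {
	Endpoints     []string
	HTTPEndpoints []string
}

// checkURLs returns one error per entry that is not an http(s) URL with a host.
func checkURLs(field string, urls []string) []error {
	var errs []error
	for i, raw := range urls {
		u, err := url.Parse(raw)
		switch {
		case err != nil:
			errs = append(errs, fmt.Errorf("%s[%d]: %v", field, i, err))
		case (u.Scheme != "http" && u.Scheme != "https") || u.Host == "":
			errs = append(errs, fmt.Errorf("%s[%d]: %q is not http(s)://host[:port]", field, i, raw))
		}
	}
	return errs
}

// Validate requires a non-empty Endpoints list; HTTPEndpoints is optional but checked when set.
func Validate(e ExternalEtcd) []error {
	errs := checkURLs("endpoints", e.Endpoints)
	if len(e.Endpoints) == 0 {
		errs = append(errs, fmt.Errorf("endpoints: at least one endpoint is required"))
	}
	return append(errs, checkURLs("httpEndpoints", e.HTTPEndpoints)...)
}

// EffectiveHTTPEndpoints applies the fallback: with no HTTPEndpoints, Endpoints serves HTTP traffic too.
func EffectiveHTTPEndpoints(e ExternalEtcd) []string {
	if len(e.HTTPEndpoints) > 0 {
		return e.HTTPEndpoints
	}
	return e.Endpoints
}

func main() {
	fmt.Println(Validate(ExternalEtcd{HTTPEndpoints: []string{"10.0.0.1:2381"}})) // constructed input
}
```

A scheme-less entry such as `10.0.0.1:2381` is rejected at validation time instead of surfacing later as a failed HTTP request during preflight.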

@neolit123
Member

/hold
for review

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 26, 2025
@pacoxu
Member

pacoxu commented Oct 27, 2025

/priority important-soon
/triage accepted

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 27, 2025
@SataQiu SataQiu force-pushed the kubeadm-support-etcd-http-endpoints branch from c080adc to 6e7fe31 Compare October 27, 2025 15:05
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 27, 2025
@SataQiu SataQiu force-pushed the kubeadm-support-etcd-http-endpoints branch from 6e7fe31 to 9578a41 Compare October 27, 2025 15:25
… to configure the HTTP endpoints for etcd communication.
@SataQiu SataQiu force-pushed the kubeadm-support-etcd-http-endpoints branch from 9578a41 to a279f64 Compare October 27, 2025 15:38
@SataQiu
Member Author

SataQiu commented Oct 28, 2025

/retest

Successfully merging this pull request may close these issues.

'kubeadm init' fails with 'ExternalEtcdVersion' check when the gRPC and HTTP ports are segregated