Feature Description
We should serve FilteredAPIExportEndpointSlices from the Virtual Workspace similar to how we serve APIBindings. This is import to check FilteredAPIExportEndpointSlices for the label selector.
Proposed Solution
Some initial infrastructure for this has been implemented, e.g. FilteredAPIExportEndpointSlices are registered in the virtual workspace:
|
func(ctx context.Context, apiVersion string, clusterName logicalcluster.Name, apiExportName string) (apidefinition.APIDefinition, error) { |
|
restProvider, err := provideAPIExportFilteredRestStorage(ctx, impersonatedDynamicClientGetter, clusterName, apiExportName) |
|
if err != nil { |
|
return nil, err |
|
} |
|
|
|
return apiserver.CreateServingInfoFor( |
|
mainConfig, |
|
schemas.ApisKcpDevSchemas["filteredapiexportendpointslices"], |
|
apiVersion, |
|
restProvider, |
|
) |
|
}, |
Also here:
|
if c, ok := claims[gvr.GroupResource()]; ok { |
|
key, label, err := permissionclaims.ToLabelKeyAndValue(clusterName, apiExport.Name, c) |
|
if err != nil { |
|
return fmt.Errorf("failed to convert permission claim %v to label key and value: %w", c, err) |
|
} |
|
claimLabels := []string{label} |
|
// TODO(xmudrii): figure this out for filteredapiexportendpointslice |
|
if gvr.GroupResource() == apisv1alpha2.Resource("apibindings") { |
|
_, fallbackLabel := permissionclaims.ToReflexiveAPIBindingLabelKeyAndValue(logicalcluster.From(apiExport), apiExport.Name) |
|
claimLabels = append(claimLabels, fallbackLabel) |
|
} |
|
req, err := labels.NewRequirement(key, selection.In, claimLabels) |
|
if err != nil { |
|
return fmt.Errorf("failed to create label requirement for permission claim %v: %w", c, err) |
|
} |
|
labelReqs = append(labelReqs, *req) |
|
} |
But this last part works on the specific label (ToReflexiveAPIBindingLabelKeyAndValue). Maybe it would just work if we would build a controller to label FilteredAPIExportEndpointSlices similar to APIBindings.
Alternative Solutions
No response
Want to contribute?
Additional Context
No response
