Serve front-proxy traffic on port 6443

On-behalf-of: SAP <[email protected]>
Signed-off-by: Marvin Beckers <[email protected]>

Author: embik

config/samples/v1alpha1_kubeconfig.yaml

@@ -9,7 +9,6 @@ spec:
   username: [email protected]
   groups:
     - kcp-users
-    - system:masters
   validity: 8766h
   secretRef:
     name: sample-kubeconfig

internal/controller/kubeconfig_controller.go

@@ -89,7 +89,7 @@ func (r *KubeconfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 			return ctrl.Result{}, fmt.Errorf("referenced RootShard '%s' does not exist", frontProxy.Spec.RootShard.Reference.Name)
 		}
 		issuer = resources.GetRootShardCAName(&rootShard, operatorv1alpha1.FrontProxyClientCA)
-		serverURL = fmt.Sprintf("https://%s:8443", rootShard.Spec.External.Hostname)
+		serverURL = fmt.Sprintf("https://%s:6443", rootShard.Spec.External.Hostname)
 		serverName = rootShard.Spec.External.Hostname
 	default:
 		return ctrl.Result{}, fmt.Errorf("no valid target for kubeconfig found")

internal/resources/frontproxy/deployment.go

@@ -61,7 +61,7 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 				Ports: []corev1.ContainerPort{
 					{
 						Name:          "https",
-						ContainerPort: 8443,
+						ContainerPort: 6443,
 						Protocol:      corev1.ProtocolTCP,
 					},
 				},
@@ -244,15 +244,15 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 func getArgs(frontproxy *operatorv1alpha1.FrontProxy) []string {
 
 	args := []string{
-		"--secure-port=8443",
+		"--secure-port=6443",
 		"--root-kubeconfig=/etc/kcp-front-proxy/kubeconfig/kubeconfig",
 		"--shards-kubeconfig=/etc/kcp-front-proxy/kubeconfig/kubeconfig",
 		"--tls-private-key-file=/etc/kcp-front-proxy/tls/tls.key",
 		"--tls-cert-file=/etc/kcp-front-proxy/tls/tls.crt",
 		"--client-ca-file=/etc/kcp-front-proxy/client-ca/tls.crt",
 		"--mapping-file=/etc/kcp-front-proxy/config/path-mapping.yaml",
 		"--service-account-key-file=/etc/kcp/tls/service-account/tls.key",
-		"--authentication-drop-groups=system:kcp:logical-cluster-admin",
+		//"--authentication-drop-groups=system:kcp:logical-cluster-admin",
 	}
 
 	return args

internal/resources/frontproxy/service.go

@@ -46,8 +46,8 @@ func ServiceReconciler(frontProxy *operatorv1alpha1.FrontProxy) reconciling.Name
 
 			port.Name = "https"
 			port.Protocol = corev1.ProtocolTCP
-			port.Port = 8443
-			port.TargetPort = intstr.FromInt32(8443)
+			port.Port = 6443
+			port.TargetPort = intstr.FromInt32(6443)
 			port.AppProtocol = ptr.To("https")
 
 			svc.Spec.Ports = []corev1.ServicePort{