Refactor code structure for improved readability and maintainability #477
Open
hamzabouissi wants to merge 6 commits into
Pull request overview
Adds a new Traefik documentation page describing how to expose Kubernetes API access through Traefik (IngressRouteTCP + IP allowlist) and links it into the Docusaurus sidebar.
Changes:
- Added `expose-kubeapi-server` documentation under the Traefik docs section.
- Updated `sidebars.js` to include the new page in the “Traefik Ingress” sidebar list.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| sidebars.js | Adds the new Traefik doc page to the navigation sidebar. |
| docs/deploy-applications/traefik/expose-kubeapi-server.md | Introduces a new guide for exposing the Kubernetes API via Traefik with IP allowlisting and OIDC kubectl config. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
| @@ -0,0 +1,216 @@ | |||
| --- | |||
| id: expose-kubeapi-server | |||
| title: Expose kube-api access to the public word with OIDC and restricted ip list | |||
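Review bot: The `title:` line has a typo, "public word" should be "public world", and "ip" should be written "IP" to match "OIDC" in the same title. Suggested wording: `title: Expose kube-api access to the public world with OIDC and a restricted IP list`.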
Comment on lines +6 to +8
| ## Prerequisite | ||
|
|
||
| the client must have the following tools installed: |
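Review bot: The sentence under `## Prerequisite` starts in lower case ("the client must have ...") and the heading is singular although it introduces a list of tools. Suggest `## Prerequisites` and "The client must have the following tools installed:".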
Comment on lines +39 to +41
| - apiGroups: [""] | ||
| resources: ["pods", "pods/portforward"] | ||
| verbs: ["get", "list", "create"] |
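Review bot: `create` in the `verbs:` line applies to both entries in `resources:`, so a subject bound to this rule can create pods, not only open a port-forward. If the intent is port-forwarding only, split this into two rules: `get` and `list` on `pods`, and `create` on `pods/portforward` alone.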
Comment on lines +54 to +56
| - kind: Group | ||
| name: oidc:glueops-rocks:captain_domain_glueops-kubectl-pfwd | ||
| apiGroup: rbac.authorization.k8s.io |
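Review bot: The group `name:` on the middle line is hardcoded to `oidc:glueops-rocks:captain_domain_glueops-kubectl-pfwd`, which mixes an org-specific segment with what reads like an unsubstituted `captain_domain` placeholder. Mark the variable parts as placeholders and state that the string must match the group name, prefix included, exactly as the API server sees it, because RBAC compares subject names as exact strings and a mismatch leaves the binding without effect.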
Comment on lines +166 to +168
| - addresses: | ||
| - ip: 192.168.0.1 | ||
| ports: |
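Review bot: `ip: 192.168.0.1` under `addresses:` is a literal private address that readers are likely to copy unchanged. Replace it with a clearly labelled placeholder and say which address belongs here and how to look it up, since a wrong value points the backend at an unrelated host.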
|
|
||
| ## Setup config for kubectl access | ||
|
|
||
| in the current cluster, run the following and it will create a file `kubeconfig.yaml` and then handle it to the customer. |
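Review bot: "handle it to the customer" in the sentence under `## Setup config for kubectl access` should read "hand it to the customer", and the sentence should start with a capital letter. The step also does not say what `kubeconfig.yaml` contains or how it should be delivered; add a line stating whether the file holds any credential and which transfer channel is expected.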
| "deploy-applications/traefik/traefik-overview", | ||
| "deploy-applications/traefik/traefik-standard-ingress", | ||
| "deploy-applications/traefik/traefik-basic-ingressroute", | ||
| "deploy-applications/traefik/expose-kubeapi-server", |
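Review bot: The added entry `expose-kubeapi-server` drops the `traefik-` prefix shared by the three entries above it (`traefik-overview`, `traefik-standard-ingress`, `traefik-basic-ingressroute`). Consider `traefik-expose-kubeapi-server` for the doc id and file name so the section stays consistent.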
venkatamutyala added a commit that referenced this pull request Jun 13, 2026

* docs: add developer guide for cluster access with kubectl #patch

  Adds an end-user guide covering kubectl/krew/oidc-login prerequisites, creating the kubeconfig from the cluster-info page, GitHub device-code sign-in, the three access tiers (reader/debugger/operator), and namespace-scoped access with troubleshooting.

  Adds a CAPTAIN_NAMESPACE sentinel to the swizzled CodeBlock so commands render with the reader's environment namespace (the first label of the Captain Domain), and a CSS rule so an inline CaptainDomain inside a code chip blends into a single monospace token.

  Supersedes the operator-focused draft in PR #477: the Traefik exposure and RBAC manifests now live in the per-cluster GitOps repos, and the hand-built kubeconfig script is replaced by the cluster-info kubeconfig.

* docs: address review feedback on cluster access guide #patch

  - clarify oidc-login is installed via krew and needs ~/.krew/bin on PATH
  - soften device-code wording (browser may open automatically)
  - use 'kubectl oidc-login clean' instead of rm -rf for token cache
  - note connection may be refused (not only hang) when IP not allowlisted

* docs: align kubectl-access reality across docs #patch

  - correct .ai/reference.md Verify convention: developers now have namespace-scoped kubectl access, so scoped kubectl verification is acceptable (was: 'platform users do not have kubectl access')
  - cross-link the kubectl access guide from the ExternalSecret tip

* docs: address PR review feedback (Copilot) #patch

  - reference.md: drop stale 'three patterns' count (table lists more)
  - custom.css: fully blend custom-domain token inside code chips (reset border/radius, not just background)
  - e2e: add CAPTAIN_NAMESPACE coverage on the new access page (default + custom domain), closing the regression gap
  - e2e: fix pre-existing playwright version mismatch (@playwright/test 1.49.1 vs base image 1.58.2) that broke the entire suite
No description provided.