Set up discovery service on community infra #8960

@justinsb

The e2e tests require the OIDC issuer to be resolvable from within a Pod. In kOps we previously met this requirement for testing with a shared publicly readable S3 bucket, but this is problematic in the new infrastructure.

We are prototyping a public discovery service in kOps, which will allow clients to generate an RSA key pair, and effectively authenticate (via mTLS) and register the required OIDC data. Then we will serve this (very small) data to clients publicly.

A version of the service is currently deployed on https://discovery.kubedisco.com, but it would probably be better for the e2e tests if it was deployed on community infrastructure.

The manifest for the current deployment is here: https://github.com/kubernetes/kops/blob/master/discovery/k8s/manifest.yaml

Currently the data is stored in process (and is lost every time a pod restarts). We probably want to move it to etcd and etcd-operator ("all the wood behind one arrow").
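
For readers unfamiliar with what the "required OIDC data" is, the following added example (not part of the original issue, and not kOps or discovery-service code) builds the two public documents a verifier fetches from an issuer URL: the discovery document and a JWKS holding only the RSA public key. The issuer URL, function names and key-ID derivation are assumptions for illustration; the two paths are the ones the Kubernetes API server uses for service account issuer discovery.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// NewSigningKey generates the RSA key pair; the private half stays with the client.
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// BuildOIDCData returns the discovery document and JWKS; only public material is emitted.
func BuildOIDCData(issuer string, pub *rsa.PublicKey) (discovery, jwks []byte, err error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(der) // key ID = hash of the public key (assumption for this example)
	b64 := base64.RawURLEncoding.EncodeToString
	key := map[string]string{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": b64(sum[:]),
		"n": b64(pub.N.Bytes()), "e": b64(big.NewInt(int64(pub.E)).Bytes())}
	if jwks, err = json.Marshal(map[string]any{"keys": []any{key}}); err != nil {
		return nil, nil, err
	}
	discovery, err = json.Marshal(map[string]any{ // served at /.well-known/openid-configuration
		"issuer":                                issuer,
		"jwks_uri":                              issuer + "/openid/v1/jwks",
		"response_types_supported":              []string{"id_token"},
		"subject_types_supported":               []string{"public"},
		"id_token_signing_alg_values_supported": []string{"RS256"},
	})
	return discovery, jwks, err
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	d, k, err := BuildOIDCData("https://issuer.example.test/cluster-a", &priv.PublicKey) // constructed URL
	if err != nil {
		panic(err)
	}
	fmt.Printf("openid-configuration: %s\njwks: %s\n", d, k)
}
```

A token verifier rejects the issuer if the `issuer` field does not match the URL it fetched the document from exactly, so the registered value and the public serving URL have to agree.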

Labels

area/infra/gcp: Issues or PRs related to Kubernetes GCP infrastructure
kind/feature: Categorizes issue or PR as related to a new feature.
priority/important-longterm: Important over the long term, but may not be staffed and/or may need multiple releases to complete.
