search

clusterpedia-io / clusterpedia

The Encyclopedia of Kubernetes clusters
https://clusterpedia.io
Apache License 2.0
791 stars 122 forks source link

Expose binding-apiserver directly to end uses #589

Open huiwq1990 opened 11 months ago

huiwq1990 commented 11 months ago

What would you like to be added?

1)Export binding-apiserver as apiserver directly to user, the server path not need add lusterpedia.io/v1beta1/resources suffix; 2)clusterpedia-apiserver support service nodeport;

In a word, we want to use binding-apiserver like this:


apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    insecure-skip-tls-verify: true
    server: https://${binding-apiserve-ip}:${binding-apiserve-port}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: default
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token:  abc

The binding-apiserve-ip could be clusterpedia-apiserver service ip or host cluster node ip. The binding-apiserve-port could be clusterpedia-apiserver service port or nodeport.

Why is this needed?

In normal case, binding-apiserver works as a aggregated apiserver, and exposed by host apiserver. So all binding-apiserver requests must forward by host apiserver, and it effects host apiserver performance. In other case, we want to watch binding-apiserver, but after a while, we get some error.


I1109 09:23:51.743143       1 httplog.go:131] "HTTP" verb="GET" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?limit=500" latency="7.3116ms" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="4132ae59-b216-485f-8a83-2caa0d5c6085" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" apf_execution_time="7.111772ms" resp=200
I1109 09:24:21.745886       1 panic.go:884] "HTTP" verb="WATCH" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" latency="30.000275432s" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" resp=200
E1109 09:24:21.745986       1 wrap.go:53] timeout or abort while handling: method=GET URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c"
E1109 09:24:21.746163       1 timeout.go:141] post-timeout activity - time-elapsed: 260.416µs, GET "/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes" result: net/http: abort Handler
clusterpedia-bot commented 11 months ago

Hi @huiwq1990, Thanks for opening an issue! We will look into it as soon as possible.

Details Instructions for interacting with me using comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the [gh-ci-bot](https://github.com/clusterpedia-io/gh-ci-bot) repository.
Iceber commented 11 months ago

The apiserver can open the NodePort directly to provide external access, or you can access the clusterpedia apiserver service directly in the cluster.

Of course, you still need to add a prefix clusterpedia.io/v1beta1/resources

Adding paths without prefixes looks good, and in the future we might be able to add a gate to support it