search

linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
https://linkerd.io
Apache License 2.0
10.63k stars 1.28k forks source link

Ability to proxy between Kubernetes and external machines #2048

Closed tmlbl closed 5 months ago

tmlbl commented 5 years ago

Feature Request

What problem are you trying to solve?

Many users will have existing VM-based deployments with only a portion of their services running in Kubernetes. These users will want to be able to connect their existing services to new services running in Kubernetes.

How should the problem be solved?

With other mesh solutions, it is possible to expose the control plane services to networks outside of the Kubernetes cluster. The proxy then can be run on a machine outside of the cluster, but join the data plane inside the cluster. Traffic can either be routed directly to pod IPs (Consul Connect) or through an exposed ingress controller (Istio). These services can issue their requests destined for the Kubernetes-based services to the proxy.

Any alternatives you've considered?

Istio describes how to do this, but only on GCP and Debian. It also requires a lot of iptables configuration on the VMs, which is a hard sell when these VMs are serving existing production traffic.

Consul Connect also describes how to do this, but it requires a "fully-connected network", meaning that users have to use a Kubernetes networking plugin that is compatible with existing infrastructure in that way.

How would users interact with this feature?

Similar to Consul Connect, a proxy subcommand could provide the feature to start a standalone proxy.

$ linkerd2 proxy --service vm-service --upstream hello:8181
Traffic to 127.0.0.1:8181 will be routed to the service 'hello'...

Or there may be a more linkerd-like way to accomplish it.

uromahn commented 4 years ago

Adding a comment to bubble this up. The ticket has been create a year ago but no action has been taken yet.

grampelberg commented 4 years ago

@uromahn we'd love your help getting it built! Please jump into the Linkerd slack so that we can chat through what the next steps would be =)

eisig commented 4 years ago

Or consider Kuma's design. https://kuma.io/docs/0.7.1/documentation/deployments/

they can be regarded as multiple clusters, and then cross cluster mechanism can be used to communicate.

cpretzer commented 4 years ago

thanks @eisig, would you be interested in helping us come up with the right design for this hybrid architecture?

seyedmmousavi commented 1 year ago

I'm looking this for a heavy distributed system that the processing distributed among with many tiny worker machines. Also, this is suitable in IoT based systems.

wmorgan commented 1 year ago

We will start tackling this in the next Linkerd release

piersharding commented 1 year ago

We will start tackling this in the next Linkerd release

Really appreciate this - thanks. I am looking to use this to integrate tango controls device servers that are off cluster for telescope control system

wmorgan commented 5 months ago

This is done. https://linkerd.io/2024/02/21/announcing-linkerd-2.15/