openyurtio / openyurt

OpenYurt - Extending your native Kubernetes to edge (project under CNCF)
https://openyurt.io
Apache License 2.0

[feature request] improve nodeportisolation filter, support listening reduction #1994

Closed chunhui1012 closed 3 months ago

chunhui1012 commented 3 months ago

What would you like to be added: Previously, the service was listening on 'nodeport.openyurt.io/listen=pool1,pool2'. After the update, it is now only listening on 'nodeport.openyurt.io/listen=pool1', but the nodeport of pool2 has not been released.

Why is this needed: To resolve the above issue, kube-proxy needs to be restarted. This is not allowed in a production environment.

others /kind feature

rambohe-ch commented 3 months ago

@chunhui1012 Thanks for raising the issue.

Yes, this limitation is a known problem. If the NodePort service is filtered after changing, the kube-proxy component cannot clear the local network settings for this service, because kube-proxy doesn't get anything of this service.

I think we can improve the ResponseFilter: if a standalone object (like v1.Service) is filtered by ObjectFilter, ResponseFilter can return a watch.Deleted event back to the clients (like kube-proxy), so kube-proxy will be triggered to clear the local settings.
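
The behaviour proposed in the comment above, sketched as an added example that is not OpenYurt's code and not written by any participant in this thread. `Service`, `Event`, `listensIn` and `FilterWatch` are hypothetical stand-ins built on the Go standard library only; the per-client `seen` tracking and the rule that a service without the annotation is never filtered are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical stand-ins for v1.Service and watch.Event. Listen holds the
// value of the nodeport.openyurt.io/listen annotation ("" = not set).
type Service struct{ Name, Listen string }
type Event struct {
	Type string // "ADDED", "MODIFIED" or "DELETED"
	Svc  Service
}

// listensIn: assumption, a service without the annotation is never filtered.
func listensIn(svc Service, pool string) bool {
	for _, p := range strings.Split(svc.Listen, ",") {
		if strings.TrimSpace(p) == pool {
			return true
		}
	}
	return svc.Listen == ""
}

// FilterWatch rewrites a watch stream for a client in pool. A service the
// client already holds that becomes filtered is sent as DELETED, not dropped.
func FilterWatch(pool string, in []Event) (out []Event) {
	seen := map[string]bool{} // services this client currently holds
	for _, ev := range in {
		name := ev.Svc.Name
		switch {
		case ev.Type != "DELETED" && listensIn(ev.Svc, pool):
			if !seen[name] {
				ev.Type = "ADDED" // first time visible in this pool
			}
			seen[name] = true
			out = append(out, ev)
		case seen[name]: // deleted upstream, or filtered out by an update
			delete(seen, name)
			out = append(out, Event{"DELETED", ev.Svc})
		}
	}
	return out
}

func main() { // constructed sample: the annotation update from the issue
	stream := []Event{{"ADDED", Service{"web", "pool1,pool2"}}, {"MODIFIED", Service{"web", "pool1"}}}
	fmt.Println(FilterWatch("pool2", stream))
}
```

For the sample stream, a client in pool2 receives ADDED followed by DELETED, while a client in pool1 receives the original ADDED and MODIFIED unchanged.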

chunhui1012 commented 3 months ago

Provide a default listening scope based on the node pool where the service pod is located.