Open techworldhello opened 5 days ago
masterServiceFilter has already implemented this capability. By default, Yurthub only caches request data for system components. If the business requires utilizing Yurthub's cache to operate during network outages, the corresponding User-Agent (UA) needs to be configured in the ConfigMap yurt-hub-cfg. reference: https://github.com/openyurtio/openyurt/blob/master/docs/proposals/20220627-yurthub-cache-refactoring.md#41-enable-yurthub-to-distinguish-resources-with-same-name-but-different-versions-and-groups
masterServiceFilter has already implemented this capability. By default, Yurthub only caches request data for system components. If the business requires utilizing Yurthub's cache to operate during network outages, the corresponding User-Agent (UA) needs to be configured in the ConfigMap yurt-hub-cfg. reference: https://github.com/openyurtio/openyurt/blob/master/docs/proposals/20220627-yurthub-cache-refactoring.md#41-enable-yurthub-to-distinguish-resources-with-same-name-but-different-versions-and-groups
@zyjhtangtang I think that masterservice Filter can not solve the problem that mentioned in the issue. because masterservice filter only modify default/kubernetes
service, this means that pods without KUBERNETES_SERVICE_HOST
env can work with Yurthub component seamlessly. but pods with KUBERNETES_SERVICE_HOST
can not work together with Yurthub component. maybe it is a good idea to overwrite KUBERNETES_SERVICE_HOST
env of pod by Yurthub proxy address on edge nodes.
What would you like to be added:
A filter in Yurthub that sets the
KUBERNETES_SERVICE_HOST
environment variable to the Yurthub proxy IP. This enhancement would ensure node autonomy for edge nodes when they are operating offline.Why is this needed:
Some managed services may use an admission webhook to change the
KUBERNETES_SERVICE_HOST
environment variable to the public FQDN of the kube-apiserver. For these managed services to operate with Yurthub, the pods scheduled on edge nodes must be directed to Yurthub so that requests to the kube-apiserver can be proxied through it.We are requesting the implementation of a filter that would ensure all edge pods access the kube-apiserver via the Yurthub proxy. This filter would add logic without disrupting other users. If a user prefers to disable this filter in the future, they could do so by adding it to the --disabled-resource-filters startup parameter.
others /kind feature
@techworldhello Thank you for raising the issue. Only pods without KUBERNETES_SERVICE_HOST
env can access kube-apiserver through yurthub currently. so it seems that a new filter is necessary for dealing with pods with KUBERNETES_SERVICE_HOST
env on edge nodes.
@techworldhello @rambohe-ch Yes, if the pod has already been set with KUBERNETES_SERVICE_HOST
, the masterservice filter
will not take effect. In this case, It is necessary to add a new filter to directly modify it.
@zyjhtangtang @rambohe-ch I've updated this issue to link to a new PR https://github.com/openyurtio/openyurt/pull/2165, as it made sense to update KUBERNETES_SERVICE_PORT
as well as KUBERNETES_SERVICE_HOST
, since they are both required to connect to Yurthub. I've also updated the issue title and description to reflect this. Would appreciate your reviews again, thanks!
What would you like to be added:
A filter in Yurthub that sets the
KUBERNETES_SERVICE_HOST
andKUBERNETES_SERVICE_PORT
environment variables to the Yurthub proxy host and IP. This enhancement would ensure node autonomy for edge nodes when they are operating offline.Why is this needed:
Some managed services may use an admission webhook to modify the
KUBERNETES_SERVICE_HOST
andKUBERNETES_SERVICE_PORT
environment variables, setting them to the public FQDN and port of the kube-apiserver. For these managed services to operate with Yurthub, the pods scheduled on edge nodes must be directed to Yurthub so that requests to the kube-apiserver can be proxied through it.We are requesting the implementation of a filter that would ensure all edge pods access the kube-apiserver via the Yurthub proxy. This filter would add logic without disrupting other users. If a user prefers to disable this filter in the future, they could do so by adding it to the --disabled-resource-filters startup parameter.
others /kind feature