feat: add kubernetes discovery module #4880
spacewander merged 78 commits into apache:master from zhixiongdu027:master
Signed-off-by: adugeek <root@libssl.com>
Thanks for your contribution, I will review it today.
If you want to use environment variables in code, you can use:
If you want to use environment variables in test cases, you can
zhixiongdu027 left a comment:
The CI file is updated to mount the kubernetes token file into the centos container.
| curl -Lo ./jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 | ||
| chmod +x ./jq | ||
|
|
||
| until [[ $(curl 127.0.0.1:6445/api/v1/pods?fieldSelector=status.phase%21%3DRunning |./jq .items) == "[]" ]]; do |
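Review bot: The jq download at the top of this hunk (curl -Lo ./jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 followed by chmod +x ./jq) runs a fetched binary in CI with no integrity check. Pin the expected SHA-256 of the jq-1.6 asset in the CI script and verify it with sha256sum -c before chmod +x, and add -f to curl so an HTTP error body is not saved as the executable. In the until line, quote the URL (it contains ?, which the shell can treat as a glob character), and give the loop a sleep and an upper bound if its body does not already have them, so a pod that never reaches Running fails the job instead of hanging it.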

You can just use kubectl wait --for=condition=Ready pods --all -A instead of this.

In my test, when kubectl wait --for=condition=Ready pods --all -A is finished, there are still pods in Pending or ContainerCreating. This will cause the test to fail.

Maybe we can use something like this:
echo "wait k8s start..."
sleep 10
# poll until no pod is reported outside the Running phase
until [[ $(./kubectl get pods -A --field-selector 'status.phase!=Running' 2>&1) =~ "No resources found" ]]; do
    echo 'still wait k8s start...'
    sleep 1
done

apisix/discovery/kubernetes/init.lua
Outdated
| -- TODO: maybe we can read dict name from discovery config | ||
| endpoint_dict = ngx.shared.discovery | ||
| if not endpoint_dict then | ||
| error("failed to get ngx.shared.dict discovery") |
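Review bot: endpoint_dict = ngx.shared.discovery hardcodes a generically named shared dict, and the TODO above it leaves that unresolved. If any other module writes to the same dict, endpoint keys can collide, so either read the name from the discovery config as the TODO suggests or use a kubernetes-specific dict name. The error text should also name the missing lua_shared_dict entry so the operator knows what to declare.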

failed to get Nginx shared dict: discovery, please check your APISIX version

@membphis @spacewander @tao12345666333 @crazyMonkey1995

ok, thanks for your contribution.
|
|
||
| informer.continue = data.metadata.continue | ||
| if informer.continue and informer.continue ~= "" then | ||
| list(httpc, informer) |
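Review bot: The recursive call list(httpc, informer) inside the continue branch discards its result. If list reports failure through its return values, an error on a later page is lost and the caller treats a partial listing as complete; return the call's result (return list(...)) or check it here. A loop over the continue token instead of recursion would also keep a long continue chain from growing the call stack.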

Seems like the apiserver (the second parameter of the function) is missing here?

Sorry, it's a mistake.

@crazyMonkey1995

cc @tao12345666333 @membphis @spacewander @tokers @crazyMonkey1995 Looks like this PR is complete?

I think it's ok.

It's on my list. I will review it ASAP.

tao12345666333 left a comment:
LGTM
Wouldn't it be better if namespaces were not directly hardcoded in the configuration file, but filtered by labels?
| schema: https #default https | ||
|
|
||
| # kubernetes apiserver host, options [ ipv4 | ipv6 | domain | env variable] | ||
| host: 10.0.8.95 #default ${KUBERNETES_SERVICE_HOST} |
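Review bot: The key schema: https names the URL scheme, so scheme would be the less surprising spelling; if schema is kept for consistency with other configuration, say so in the comment. The sample host: 10.0.8.95 also contradicts its own #default ${KUBERNETES_SERVICE_HOST} comment: an example config that ships a literal private IP invites copy-paste of an address that will not match most clusters, so show the default value here and list the alternatives in the comment.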

I suggest writing kubernetes.default directly here, what do you think?

We may have two operating environments:

Inside the Pod:
Both the apiserver host and apiserver port values are stored in environment variables. Therefore, our configuration items must support referencing an environment variable value, and the user needs to recognize the referenced environment variable at a glance. ${} is a good form.

Outside the Pod:
The apiserver host and apiserver port values are manually input by the user. We need a specific format to distinguish whether the value entered by the user is a domain name or an environment variable. ${} is also a good form.

If we have the following config:
kubernetes:
  service:
    host: kubernetes.default
How can we tell if "kubernetes.default" is a constant or a domain name?

In the cluster we can get the address of the kubernetes service through KUBERNETES_SERVICE_HOST, but once we really need to verify the SSL certificate, most of the time we do not issue a certificate for the IP address. Domain names are far more generic than IP addresses.

> most of the time we do not issue a certificate for the IP address. Domain names are far more generic than IP addresses.

Usually this is the case. But in the clusters I have seen, the SAN lists of the certificates used by the apiserver all contain ${KUBERNETES_SERVICE_HOST} and Host_IP, so even if "ssl_verify=true", I think there is no problem using ${KUBERNETES_SERVICE_HOST} as the server address within the Pod. Maybe you know some exception?

We can keep the status for now.
2276693
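
Whether a given cluster's apiserver certificate actually covers the configured host can be checked before turning verification on. The following is an added example, not code from this PR or from APISIX: it resolves a host value written in the ${...} form discussed above and asks openssl whether a certificate's SAN covers it. The function names resolve_host and san_covers are hypothetical, the certificate is a throwaway generated for the example, and 10.96.0.1 is a constructed service IP.

```shell
#!/bin/sh
# Added example: resolve a discovery host value, then check it against a cert's SAN.

# "${NAME}" is an environment reference; anything else is a literal host.
resolve_host() (
    case "$1" in
        '${'*'}')
            name=${1#??}; name=${name%?}          # strip "${" and "}"
            case "$name" in
                ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) exit 2 ;;   # not a variable name
            esac
            eval "val=\${$name-}"                 # safe: name was validated above
            [ -n "$val" ] || exit 1               # unset or empty: fail closed
            printf '%s\n' "$val" ;;
        *)  printf '%s\n' "$1" ;;
    esac
)

# Exit 0 only if the certificate's SAN covers the resolved host.
san_covers() (
    host=$(resolve_host "$2") || exit 2
    case "$host" in
        *:*)        flag=-checkip ;;      # IPv6 literal
        *[!0-9.]*)  flag=-checkhost ;;    # contains non-numeric characters: DNS name
        *)          flag=-checkip ;;      # dotted IPv4
    esac
    openssl x509 -in "$1" -noout "$flag" "$host" | grep -q 'does match certificate'
)

# Constructed sample: a self-signed cert standing in for the apiserver's certificate.
WORK=$(mktemp -d)
CERT=$WORK/apiserver.pem
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kube-apiserver' \
    -addext 'subjectAltName=DNS:kubernetes.default,IP:10.96.0.1' \
    -keyout "$WORK/key.pem" -out "$CERT" 2>/dev/null
KUBERNETES_SERVICE_HOST=10.96.0.1; export KUBERNETES_SERVICE_HOST   # constructed in-Pod value

for v in '${KUBERNETES_SERVICE_HOST}' kubernetes.default 10.0.8.95; do
    if san_covers "$CERT" "$v"; then
        echo "$v: covered by SAN"
    else
        echo "$v: NOT covered; a verified TLS connection to this name would fail"
    fi
done
```

Against a real cluster, pass the serving certificate of the apiserver instead of the generated one; an address the SAN list does not contain, such as 10.0.8.95 here, is the case where ssl_verify=true would reject the connection.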

@membphis @tao12345666333 @crazyMonkey1995 @tokers

tao12345666333 left a comment:
We can keep this implementation for now, let's move on.

It's a big move. We keep eyes on this feature.

* upstream: (52 commits)
  feat: add kubernetes discovery module (apache#4880)
  docs: fix For L7 proxy -> For L4 proxy (apache#6423)
  fix(deps): upgrade jsonschema to 0.9.8 (apache#6407)
  docs: translate Chinese to English in en clickhouse-logger (apache#6416)
  docs: add zh proxy-control.md&modify other doc error (apache#6346)
  docs: update public API relative usage (apache#6318)
  docs(cn): remove datadog from sidebar & fix doc lint conf (apache#6411)
  fix(request-validation): should not limit the urlencoded post args number (apache#6396)
  docs: fix configuration file typo (apache#6395)
  docs(extern-plugin): the implementation of runner (apache#6336)
  docs: polishing skywalking-logger plugin's docs (apache#6377)
  doc: adjust the directory structure of observability's documents (apache#6391)
  change(admin): empty nodes should be encoded as array (apache#6384)
  fix: should not limit the header number (apache#6379)
  ci: remove unnecessary tmate action (apache#6367)
  fix(opentelemetry): batch_span_processor export zero length spans (apache#6349)
  feat(graphql): support http get and post json request (apache#6343)
  feat: support for configuring the number of etcd health check retries (apache#6322)
  feat(wasm): support getting request body (apache#6325)
  fix(hmac-auth): hmac-auth plugin sort array param (apache#6314)
  ...
Signed-off-by: adugeek root@libssl.com
What this PR does / why we need it:
Pre-submission checklist:
#4388
todo: