Expose binding-apiserver directly to end uses

Question

Expose binding-apiserver directly to end uses

Opened this issue 8 months ago · 2 comments

huiwq1990 commented 8 months ago

What would you like to be added?

1）Export binding-apiserver as apiserver directly to user, the server path not need add lusterpedia.io/v1beta1/resources suffix；
2）clusterpedia-apiserver support service nodeport;

In a word, we want to use binding-apiserver like this:

apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    insecure-skip-tls-verify: true
    server: https://${binding-apiserve-ip}:${binding-apiserve-port}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: default
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token:  abc

The binding-apiserve-ip could be clusterpedia-apiserver service ip or host cluster node ip.
The binding-apiserve-port could be clusterpedia-apiserver service port or nodeport.

Why is this needed?

In normal case, binding-apiserver works as a aggregated apiserver, and exposed by host apiserver. So all binding-apiserver requests must forward by host apiserver, and it effects host apiserver performance. In other case, we want to watch binding-apiserver, but after a while, we get some error.


I1109 09:23:51.743143       1 httplog.go:131] "HTTP" verb="GET" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?limit=500" latency="7.3116ms" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="4132ae59-b216-485f-8a83-2caa0d5c6085" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" apf_execution_time="7.111772ms" resp=200
I1109 09:24:21.745886       1 panic.go:884] "HTTP" verb="WATCH" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" latency="30.000275432s" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" resp=200
E1109 09:24:21.745986       1 wrap.go:53] timeout or abort while handling: method=GET URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c"
E1109 09:24:21.746163       1 timeout.go:141] post-timeout activity - time-elapsed: 260.416µs, GET "/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes" result: net/http: abort Handler

Answer 1 · 2023-11-10T06:05:43.000Z

Hi @huiwq1990,
Thanks for opening an issue!
We will look into it as soon as possible.

Details

Instructions for interacting with me using comments are available here.
If you have questions or suggestions related to my behavior, please file an issue against the gh-ci-bot repository.

Answer 2 · 2023-11-13T02:59:02.000Z

The apiserver can open the NodePort directly to provide external access, or you can access the clusterpedia apiserver service directly in the cluster.

Of course, you still need to add a prefix clusterpedia.io/v1beta1/resources

Adding paths without prefixes looks good, and in the future we might be able to add a gate to support it