Expose binding-apiserver directly to end uses
Opened this issue · 2 comments
What would you like to be added?
1)Export binding-apiserver as apiserver directly to user, the server path not need add lusterpedia.io/v1beta1/resources suffix;
2)clusterpedia-apiserver support service nodeport;
In a word, we want to use binding-apiserver like this:
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
cluster:
insecure-skip-tls-verify: true
server: https://${binding-apiserve-ip}:${binding-apiserve-port}
contexts:
- name: default-context
context:
cluster: default-cluster
namespace: default
user: default-user
current-context: default-context
users:
- name: default-user
user:
token: abc
The binding-apiserve-ip
could be clusterpedia-apiserver
service ip or host cluster node ip.
The binding-apiserve-port
could be clusterpedia-apiserver
service port or nodeport.
Why is this needed?
In normal case, binding-apiserver works as a aggregated apiserver, and exposed by host apiserver. So all binding-apiserver requests must forward by host apiserver, and it effects host apiserver performance. In other case, we want to watch binding-apiserver, but after a while, we get some error.
I1109 09:23:51.743143 1 httplog.go:131] "HTTP" verb="GET" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?limit=500" latency="7.3116ms" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="4132ae59-b216-485f-8a83-2caa0d5c6085" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" apf_execution_time="7.111772ms" resp=200
I1109 09:24:21.745886 1 panic.go:884] "HTTP" verb="WATCH" URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" latency="30.000275432s" userAgent="kubectl/v1.16.15 (linux/amd64) kubernetes/2adc8d7" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c" srcIP="10.0.0.4:47654" apf_pl="workload-low" apf_fs="service-accounts" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" resp=200
E1109 09:24:21.745986 1 wrap.go:53] timeout or abort while handling: method=GET URI="/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes?resourceVersion=eyJlZGdlLWNsdXN0ZXItMDEiOiIxNTY1NTQ2MTcifQ&watch=true" audit-ID="61dbd476-1c2b-4191-983e-4a8ee928906c"
E1109 09:24:21.746163 1 timeout.go:141] post-timeout activity - time-elapsed: 260.416µs, GET "/apis/clusterpedia.io/v1beta1/resources/api/v1/nodes" result: net/http: abort Handler
Hi @huiwq1990,
Thanks for opening an issue!
We will look into it as soon as possible.
Details
Instructions for interacting with me using comments are available here.
If you have questions or suggestions related to my behavior, please file an issue against the gh-ci-bot repository.
The apiserver can open the NodePort directly to provide external access, or you can access the clusterpedia apiserver service directly in the cluster.
Of course, you still need to add a prefix clusterpedia.io/v1beta1/resources
Adding paths without prefixes looks good, and in the future we might be able to add a gate to support it