kubernetes/kubernetes

Regarding adding an interface to retrieve the netns of a Pod object

jiayoukun opened this issue · 9 comments

What would you like to be added?

I want to extend the gRPC interface in kubelet that retrieves pod resources to include an interface for obtaining the pod netns using the pod UID. This way, it would be possible to retrieve a pod object and perform operations on its netns after querying it using the pod UID.

Is this a good idea? Or are there perhaps better options?
Here is the proto path:
kubernetes\staging\src\k8s.io\kubelet\pkg\apis\podresources\v1\api.proto

Why is this needed?

In the current overlay network, there are many scenarios where the IP of a Pod's network interface needs to be forwarded in and out. This may involve using OVS, VPP, or other tools to perform IP SNAT, DNAT, and redirect operations.

For Pod objects, etcd does not store the netns of a Pod, and kubelet manages the sandbox state of each Pod using PodSandboxID. Neither PodSandboxID nor netns is publicly accessible, which is very unfriendly to developers who want to manipulate the dynamic network of a Pod.

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

/sig api-machinery