Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add hostNetwork option #4534

Closed
wants to merge 2 commits into from
Closed

add hostNetwork option #4534

wants to merge 2 commits into from

Conversation

@bbotte
Copy link

bbotte commented Feb 27, 2019

What does this PR do?

Motivation

More

  • [* ] change examples config

Additional Notes

I am in the kubernetes 1.13.3 cluster, the configuration test is https://github.com/containous/traefik/tree/master/examples/k8s. Since the node is not bound to port 80 and 8080, DNS resolves to this node and Can't access. I don't know if it belongs to the correct configuration.

bbotte added 2 commits Feb 27, 2019
I am in the kubernetes 1.13.3 cluster, the configuration test is https://github.com/containous/traefik/tree/master/examples/k8s. Since the node is not bound to port 80 and 8080, DNS resolves to this node and Can't access. I don't know if it belongs to the correct configuration.
I am in the kubernetes 1.13.3 cluster, the configuration test is https://github.com/containous/traefik/tree/master/examples/k8s. Since the node is not bound to port 80 and 8080, DNS resolves to this node and Can't access. I don't know if it belongs to the correct configuration.
@bbotte bbotte requested a review from containous/kubernetes as a code owner Feb 27, 2019
Copy link
Contributor

dduportal left a comment

Hi @bbotte , thank you for this proposal.

Kubernetes uses the concept of "Services" to expose pod's port. It's also the case for Traefik (even as an Ingress controller). In the examples you are trying to use, the "Service" is a kind of "NodePort": https://github.com/containous/traefik/blob/master/examples/k8s/traefik-deployment.yaml#L56 , which binds the ports 80 and 8080 of each Kubernetes "node" to the 8080 and 80 of the "Service". Then, the service takes care of forwarding the requests into Traefik's Pod.

Alternatively, the service of type "LoadBalancer" could be used, depending on the Kubernetes distribution (in Amazon, it would automatically spawn and ELB outside the cluster).

As these are Kubernetes specifics concepts, you should check https://kubernetes.io/docs/tutorials/kubernetes-basics/ which explains better than me these concepts. I would also recommend this great writing from my @geraldcroes : https://medium.com/@geraldcroes/kubernetes-traefik-101-when-simplicity-matters-957eeede2cf8 , which give a good high level cover of the concepts involved in Traefik + Kubernetes.

Unless I'm misunderstanding something, I vote against this change, because it's Kubernetes compliant.

Copy link
Member

dtomcej left a comment

Kubernetes "Configuration best practices" state very clearly that using hostports or hostnetworks are to be avoided at all costs. (https://kubernetes.io/docs/concepts/configuration/overview/#services)

If your environment requires them, and you are able to accept the risks involved, you can enable them on your end.

However, we should not be enabling them for the general examples that are going to be widely used.

For these reasons, I am declining this PR, but thank you @bbotte for the contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.