-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Domainmapping support dir-path-based routing #11997
Comments
I prototyped a separate resource for this when we were getting started with I can probably find the branch where it lives if you care, but kingress does support path-based routing already today. |
Thanks for answering, @mattmoor |
That code was added to support the paths needed for ACME HTTP01 challenges, so it's used by our various auto-TLS integrations. So it works, but we don't expose a way for folks to configure it for themselves, yet. AFAIK nobody is actively working on the I'd defer to @julz and @dprotaso for the current direction of things, I mostly included the doc for historical context. |
I check the doc, looks there is conflict with domainmapping? because |
The intent is to enable composition, but there was some discussion of combining them as well (back then). I can't say I feel strongly (anymore, not that I have a vote anymore either!), but FWIW, regardless of how it manifests, I do think having path (and method/header) based routing would be yet-another killer feature for Knative, so if you take away anything from my Dispatcher digression, it should be: +1000 from me! |
I'm pretty +1 to landing something along the lines of Dispatcher also. Re: extending DomainMapping vs a separate Dispatcher etc.. I also find it a struggle to generate a strong opinion 😅. DomainMappings need the ClusterDomainClaim stuff to avoid collisions in the global namespace for domains, which might be a good reason to favour composition rather than extension to avoid Dispatcher having to worry about that too. I think the main thing we need here (assuming @dprotaso is generally +1 too) is willing hands to write a feature proposal and actually do the work. @jwcesign do you have time/interest in driving this? |
my slight preference is to extend DomainMapping because of the existing ClusterDomainClaim mechanism as julz mentioned. Looks like the gateway API supports path routing https://kubernetes.io/blog/2021/04/22/evolving-kubernetes-networking-with-the-gateway-api/#getting-hands-on-with-the-gateway-api. So Kingress should be good to add this feature. cc @nak3 |
@ZhiminXiang I think @julz was saying the opposite 😅 🤔 What I had in mind for the Not sure if @n3wscott ever landed his sugar where you could simply annotate Addressables to automagically spawn DomainMappings, but that should naturally extend auto-DM to Dispatcher as well. |
Yeah this was indeed the approach I was clumsily trying to express support for above :-) |
Yes, very willing to drive this.
dispatcher.yaml
|
It is beautiful! 👍 The neat thing about this is that as we build up more Addressable things, they can slot in where it'd currently mostly ksvc. For example, in principal you could even layer Dispatcher resources if you wanted. |
Hi, @mattmoor, would u mind telling me the branch of |
I poked around on my fork a tiny bit, but no obvious branch names popped out at me (and unfortunately I have loads). If anyone knows of a good way to string search an entire Git repo (all refs), I'm happy to try that 😁 |
/assign @jwcesign |
List of works:
|
Can a dispatcher route to ksvc's in multiple namespaces? |
kingress does not support this today (somewhat intentionally). I wonder whether Gateway APIs allows for this, since Ingress did not. |
I have not looked at the API entirely but it looks like it does support multiple namespaces. https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.RouteNamespaces |
because of security problem, I prefer dispathcer only works in one namespace. |
https://docs.google.com/document/d/1q3kkBhSqWMHm-TCFo56R-32C7-fo6G8KQH4lIGtc-U0/edit?usp=sharing here is the first proposal, If the way is right, I will do more details design. |
Hi @jwcesign @mattmoor, I noticed this path-based routing and I think it is very useful and an add-on feature on the current host-based routing. I had gone through this Maybe I will describe my use cases here and you can help to answer if this can be solved. (if there is a way to solve it in knative already, please let me know, thanks) We have deployed some services by
above are two namespaces but they are belonging to the within each namespace, we have two servings, service1 and service 2.
What we expect is a api.example.com/user1-ns1/service1 or etc. when user calls a path we are expecting the host to be fixed as much as possible and only the path is changing based on the service. currently we do it by adding a virtual service to route the path-based URL(api.example.com/user1-ns1/service1) to the service ( for example, for
currently, the root-based URL is controlled by the
I am wondering if it is possible to enable the path-based endpoint in a similar way by defining a template and turning on the feature. like:
That will be easier to support the use cases I mentioned above, and avoid additional steps to create and update the dispatcher when a new service comes in. Of cause on top of this feature, the dispatcher can be an add-on for the more complicated use cases. |
hi, @lizzzcai, the only way to support path based routing is using VirtualService for now(like what u do now). I am wondering whether to support routing to multi-namespace. But there is a problem. |
Hi @jwcesign, thanks for your reply. is it possible to support path-based routing as a feature natively? like what I mentioned above (user turn on the feature and provide a template). Or another way to support it like a pathRoutingMapping kind of feature (provide a template format then create the vs by knative) like you said, there are many similar requests:
and there is a document to support this as well: https://github.com/knative/docs/tree/main/docs/serving/samples/knative-routing-go. I think there will be a lot of requests to support routing to service in multi-namespace, like the use case I mentioned above, we may have a main tenant which owns resource groups(multi namespace). So the domain of this main tenant can route to services under different resource groups, and we can use the authorization policy to ensure security. And for the dispatcher, if I want to add a new service, I need to patch the dispatcher (I would expect no downtime occurs). Is there a way to dynamically add the new service into the dispatcher? (like a select *(service) and apply a template) |
This issue is stale because it has been open for 90 days with no |
/remove-lifecycle stale |
This issue is stale because it has been open for 90 days with no |
/reopen |
@lookis Still in proposal, what is your usecase? |
exactly the same. I have to use istio VS to route the path for now, but VS doesn't support tls, istio try to support tls under Gateway, DomainMapping support tls, but do not support path routing. I prefer knative way to deal with it, because I am in a multi tanent situation, which tls cert should belong to each namespace separately. |
This issue is stale because it has been open for 90 days with no |
/remove-lifecycle stale |
This issue is stale because it has been open for 90 days with no |
/remove-lifecycle stale |
This of interest to me as well particularly for applications behind ALB + Cognito. Without path based routing the application clients need to be configured with multiple redirect URI's which have a hard limit of 100. This limits the scalability of shared application clients across multiple knative applications and poses operational challenges. |
Are there any updates regarding the route path in DomainMapping? I've implemented Knative in staging at about 90% completion, but I'm encountering issues with the route path. It would be unfortunate if the project were halted just because of this challenge. |
/unassign @jwcesign I don't believe anyone is working on this. If you're using Istio a workaround would be programming a VirtualService - https://github.com/knative/docs/blob/main/code-samples/serving/knative-routing-go/routing-internal.yaml Likewise for Contour you'd create a similar HTTPProxy resource |
Describe the feature
now it's little complex to config routing different dir-path to different
ksvc
, istioVS
should be configured. such as #11892,So I think it's better to config this with domainmapping, like bellows(POC demo coding now):
domaincliam.yaml
domainmapping.yaml
This feature maybe just can be done based on istio gateway. Still not deeply check whether other gateways support.
/area API
/assign @julz @mattmoor what do u think of this?
The text was updated successfully, but these errors were encountered: