Add mapper support device data writing proposal#5662
Conversation
kubeedge-bot
added
the
size/M
wbc6080
changed the title
kubeedge-bot
added
the
do-not-merge/work-in-progress
kubeedge-bot
added
size/L
fujitatomoya
left a comment
fujitatomoya
left a comment
There was a problem hiding this comment.
really interesting feature, had a minor comment.
| Therefore, this solution shown bellow refers to the way the Mapper Framework data plane processes device data and provides a | ||
| device writing interface on the data plane. With this interface, users can directly send device write commands | ||
| to the mapper data plane to prevent cloud edge channel blocking. |
There was a problem hiding this comment.
In security perspective, the expectation is that users at edge environment are trusted already? in other words, do we need to consider any security protection for this data writing API exposed by edgenode? because, using k8s API and CRD case, the application is authorized to call the API for this CRD, i think. that said there is at least one security barrier to manage and write the data to the device. just wondering if we need to think any kind of this barrier at edge.
There was a problem hiding this comment.
Sorry for the late reply. The question you mentioned makes sense, and there should indeed be some security when sending device write requests. But I also want to point out that mapper is ultimately deployed in the cluster in the form of a pod. In order to facilitate understanding in the proposal, I directly use nodeport to expose services. Users can choose other safe ways in kubernetes to expose services when using it. For example, they can forward routes in the form of Ingress, allowing only safe traffic to arrive, or choose to only allow requests to be sent within the cluster.
Of course, what you put forward is also a good suggestion. I also add security improvement to the proposal as a feature to be considered for improvement in the next version. :)
Shelley-BaoYue
left a comment
Shelley-BaoYue
left a comment
There was a problem hiding this comment.
If this proposal has been completed, please remove the WIP label.
wbc6080
force-pushed
the
device-writing-proposal
branch
from
1c08616 to
80f5e17
Compare
Signed-off-by: wbc6080 <wangbincheng4@huawei.com>
wbc6080
force-pushed
the
device-writing-proposal
branch
from
80f5e17 to
be72669
Compare
Signed-off-by: wbc6080 <wangbincheng4@huawei.com>
wbc6080
changed the title
kubeedge-bot
removed
the
do-not-merge/work-in-progress
Done. Ready to be reviewed |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fisherxu The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubeedge-bot
added
the
approved
5 participants
What type of PR is this?
/kind design
What this PR does / why we need it:
Add mapper support device data writing proposal
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: