-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingress claims #30151
Comments
Ports are an open question. Many cloudproviders restrict requestable ports, but if we allow L4 ingress we need an exclusive lock on an arbitrary port. |
@bprashanth as mentioned in the other thread, we'll take ingress claim (and possibly more on ingress). @mqliang will update the write up, any objections? |
Is the ingress claim acting as an IP address placeholder? I'm not sure I In the storage analog, there is a global resource - actual storage - You mention validation, but we don't really do cross-object validation, On Wed, Oct 12, 2016 at 7:37 PM, Deyuan Deng notifications@github.com
|
IIUC, it should be a Ingress Service(backed by several Ingress Pods) act as an VIP address placeholder.
I think it should be Ingress Service. That is: cluster admin deploy all kinds of Ingress Pods: nginx, haproxy or cloud lb, and create several Ingress Service with vip. And when user create Ingress Resource, he can claim "I want a Ingress Service to loadbalance foo.com for me" by creating a IngressClaim. |
I do not understand. what you are describing is classes (analog to On Wed, Oct 12, 2016 at 11:05 PM, Liang Mingqiang
|
For example:
|
As briefly outlined in this comment, i'm also not sure if ingress claim should hold vip. I tend to agree with @mqliang , but we could be wrong as there seems to be a lot of discussions around ingress. If we follow lessons from storage class, this really should be two things, one that actually hold the vip (IngressService), and one that hold a 'flavor' or 'profile' (IngressClass) ?
|
That's not a claim, that's a class. If you want to draw analogies... Pod uses PVClaim in real terms: I (the user) hold a lease (a claim) on a car in ingress terms, it should be something like: L7Config uses an IngressClaim I believe OpenShift (which predated ingress) says L7Config = Route and Now, we already used the word "Ingress" to mean both the URL map and the TL;DR: This bug is talking about classes, not claims. I think both are On Wed, Oct 12, 2016 at 11:30 PM, Liang Mingqiang notifications@github.com
|
The claimed resource I most care about is public DNS name. So user A We have moved much further down having multiple routers, at this point |
Can not agree more. This is exactly I want to express. In bare-metal environment, we want load-balancer (nginx, haproxy) to be HA, so I introduced a "Ingress Service" term: IngressClaim was bound to a IngressService (backended by the actually load-balancer), instead of the load-balancer directly.
In single-tenant case, it's reasonable to have "only one router, no claims" since one cluster usually only has one DNS name. But in multi-tenant case, one load-balance with one IP can host many sites, so we need the IngressClaim mechanism:
|
Yes, one load-balance with one IP can host many sites, and again, that's why I proposed "ingress scheduler" to make metrics-based binding decision in #34013 |
On Fri, Oct 14, 2016 at 7:02 AM, Clayton Coleman
This is solvable within kubernetes, perhaps, but we'd need a clearer
This is largely in alignment with what we are seeing, and part of why Additionally, I think it is interesting, especially in an env like |
Why should an ingress claim relate public DNS names and QOS tier? Wouldn't it make more sense to have separate claims for each? |
I think reserved DNS names would make sense in all cases. I'm less clear why QOS would be something that ingress controllers should be required to support. |
Over on OpenShift we have customers who want to claim a path too. So, they have a hosting site that has a standard dns name, but each project wants to claim the first directory in the URL. So, for our existing router we might accommodate this by having a "CLAIM_PATH_DEPTH" argument to the router pod, and then it would assign the routes to the namespaces based on the depth given (it would default to 0). I'm not sure how to handle that with claims. Perhaps we put in a domain-level claim that says "allow sub-claims of this directory depth below me"? |
Issues go stale after 30d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
The initial ingress proposal hinted at this (https://github.com/kubernetes/kubernetes/pull/12827/files#diff-41f2bde570ebc813183b7cd0a96a7e04R106) and I'm starting to see a need for it as Ingress evolves.
We need a way to claim a DNS name and bucket it to a QoS tier so you can say "I want a bronze ingress to loadbalance foo.com" and not have to worry about:
Here's what I'm proposing at a high level:
@kubernetes/sig-network @smarterclayton
The text was updated successfully, but these errors were encountered: