redirect AWS client blob requests to s3 based on client IP -> AWS region #47

Merged
merged 8 commits into from
Apr 20, 2022


BenTheElder
Member

builds on #42, depends on #46
~fixes #39

Implements:

  • given an HTTP request, get the client IP (either locally in development, or in cloud run from GCLB)
  • map IP request to AWS region
  • if not an AWS client, redirect to primary registry
  • if an AWS client, redirect to a bucket copy based on the region

Also clarifies that cmd/archeio is not engineered to be reusable at this time, instead the reusable bits are implemented as library packages (like the CIDR matching, IP to AWS region matching).
We can greatly simplify runtime concerns and reliability by keeping it this way for now.
In the future it's possible we'll be using an entirely different approach (CDN?) anyhow.

Needs cleanup, tests, and a feature gate of some sort (disabled by default, we're not ready to roll this out yet), but it's there.

Right now all regions are mapped to the single bucket we have.
We can use that to test in CI in the sandbox, but before enabling in production we will need to replace with our real bucket mapping.
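
The flow listed in the description above, as an added Go example (not part of the original PR and not the project's code). It assumes the load balancer appends `<client-ip>, <lb-ip>` to `X-Forwarded-For`, as Google Cloud Load Balancing documents; the CIDR ranges, bucket hosts, registry host, and the function names `clientIP` and `redirectBase` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample data: RFC 5737 documentation ranges stand in for AWS's
// published ranges; the bucket and registry hosts are placeholders.
var regionRanges = []struct {
	prefix netip.Prefix
	region string
}{
	{netip.MustParsePrefix("192.0.2.0/24"), "us-east-1"},
	{netip.MustParsePrefix("198.51.100.0/24"), "eu-west-1"},
}

const primaryRegistry = "https://primary-registry.example.invalid"

// clientIP picks the address to route on. Assumption: the LB appends
// "<client>, <lb>"; entries further left are caller-supplied and never trusted.
func clientIP(xff, remoteAddr string) (netip.Addr, error) {
	if xff == "" { // local development: no load balancer in front
		ap, err := netip.ParseAddrPort(remoteAddr)
		return ap.Addr().Unmap(), err
	}
	parts := strings.Split(xff, ",")
	if len(parts) < 2 {
		return netip.Addr{}, fmt.Errorf("unexpected X-Forwarded-For %q", xff)
	}
	ip, err := netip.ParseAddr(strings.TrimSpace(parts[len(parts)-2]))
	return ip.Unmap(), err
}

// redirectBase falls back to the primary registry on parse failure or no match.
func redirectBase(xff, remoteAddr string) string {
	if ip, err := clientIP(xff, remoteAddr); err == nil {
		for _, rr := range regionRanges {
			if rr.prefix.Contains(ip) {
				return "https://bucket-" + rr.region + ".example.invalid"
			}
		}
	}
	return primaryRegistry
}

func main() {
	fmt.Println(redirectBase("192.0.2.7, 203.0.113.9, 10.0.0.1", ""))
}
```

The call in `main` carries a caller-supplied leftmost entry inside a sample AWS range; because only the second-to-last entry is read, the request still goes to the primary registry.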

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 15, 2022
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 15, 2022
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 18, 2022
@BenTheElder BenTheElder force-pushed the buckets branch 3 times, most recently from 6dcd21b to 9436135 Compare April 19, 2022 02:55
@BenTheElder
Member Author

moved some of this to #48

@BenTheElder
Member Author

tests still need work, will get back to this in the morning.

@BenTheElder
Member Author

I'll have some more unit tests / cleanup committed later this morning and then this should be ready for reviews.

@BenTheElder
Member Author

Probably should feature-gate this in some fashion, but it's otherwise done.

@BenTheElder BenTheElder changed the title [WIP] redirect AWS client blob requests to s3 based on client IP -> AWS region redirect AWS client blob requests to s3 based on client IP -> AWS region Apr 20, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 20, 2022
@BenTheElder
Member Author

I think we can do that in a follow-up, this is pretty large as-is.

@dims
Member

dims commented Apr 20, 2022

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 20, 2022
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder, dims

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit b73a539 into kubernetes:main Apr 20, 2022
This was referenced Apr 20, 2022
@BenTheElder BenTheElder deleted the buckets branch April 21, 2022 06:42
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Development

Successfully merging this pull request may close these issues.

oci-proxy should redirect per-AWS region
4 participants