Forking network proxy proto-type into the apiserver-network-proxy repo. #1

Merged
cheftako merged 21 commits into kubernetes-sigs:master from cheftako:setup on Apr 23, 2019

@cheftako
Contributor

This merges the initial prototype code for network proxy into the repo.
The prototype is for https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190226-network-proxy.md
/sig cloud-provider
/assign @anfernee

anfernee and others added 21 commits April 22, 2019 16:35
Fixed make to honor dependencies.
Added a clean target and removed build artifacts.
Added vendor directory to allow build to work without additional
cloning.
Moved 4 executable go programs to live in cmd.
Switched them to use Cobra to make it easy to add flags.
Collapsed original example into new example.
Renamed to Proxy and Agent to make example more clear.
Fixed arrow.
Added mTLS support between client and proxy.
Still need to add support between agent and proxy.
Further enhanced makefile to support mtls.
Added build for binaries.
Updated readme to reflect this.
Added mTLS support to agent connection.
Added second set of credentials for agent side.
Updated server to support different credentials on each side.
Fixed a few minor issues in logs to make them consistent.
Updated proto for protoc 3.6.1
Added http server for port 8092 to proxy server.
Returns 200/ok unless the process is down.
Should make it a bit smarter with a readiness endpoint.
Should consider metrics and pprof as well.
Similarly added http server for port 8093 to proxy agent.
Split out (muxed) liveness, readiness and metrics endpoints.
Did this on both agent and proxy.
Now ignore unrecognized request paths on the admin port.
Fixed header on readme.
To avoid a slow remote connection blocking the agent.
Fixed logging feedback from anfernee
Added README for using curl as a client.
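
The commits above give the client-facing and agent-facing sides of the proxy server separate mTLS credentials. The Go program below is an added example, not code from this PR: it builds one throwaway CA per side and shows that a client certificate issued for one side is rejected by the other side's trust settings. The names `issue`, `sideAccepts`, `client-ca`, `agent-ca` and `kube-apiserver` are constructed for the example, and trust is checked with the same x509 verification crypto/tls applies to a client certificate rather than by running a handshake.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a throwaway demo certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *tls.Certificate) *tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return &tls.Certificate{Certificate: [][]byte{der}, Leaf: leaf, PrivateKey: key}
}

// sideAccepts builds one listener's client-auth policy (certificate required, trusted
// only if it chains to that side's CA) and applies the handshake's chain check to peer.
func sideAccepts(sideCA, peer *tls.Certificate) bool {
	cfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: x509.NewCertPool()}
	cfg.ClientCAs.AddCert(sideCA.Leaf)
	_, err := peer.Leaf.Verify(x509.VerifyOptions{Roots: cfg.ClientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	clientCA, agentCA := issue("client-ca", nil), issue("agent-ca", nil) // constructed names
	kas := issue("kube-apiserver", clientCA)                             // client-side credential
	fmt.Println(sideAccepts(clientCA, kas), sideAccepts(agentCA, kas))   // true false
}
```

With a single shared CA both calls would return true, so a credential taken from a node's agent would also authenticate on the listener meant for the API server.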
@k8s-ci-robot k8s-ci-robot added the sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. label Apr 22, 2019
@k8s-ci-robot
Contributor

@cheftako: GitHub didn't allow me to assign the following users: anfernee.

Note that only kubernetes-sigs members and repo collaborators can be assigned and that issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheftako

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 22, 2019
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 22, 2019
@anfernee
Contributor

/lgtm

@k8s-ci-robot
Contributor

@anfernee: changing LGTM is restricted to assignees, and only kubernetes-sigs/apiserver-network-proxy repo collaborators may be assigned issues.

@cheftako cheftako merged commit 7d26b9f into kubernetes-sigs:master Apr 23, 2019
@@ -0,0 +1,185 @@
package main
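Review bot: line 1 of this new 185-line file is the `package main` clause with nothing above it, so the file carries no license header and no package comment. Add the project's license boilerplate above the package clause, followed by a short comment saying what this main package builds.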
Member

@andrewsykim andrewsykim Apr 23, 2019

I know this is still a WIP, but do we need license headers here?

Contributor Author

Yes. Want to get your first commit to this repo?

@cheftako
Contributor Author

So the general idea is that there would be a proxy server co-located with each Kubernetes API Server (KAS). Currently we would have a proxy agent running in each Node connecting to each proxy server. One obvious improvement (which I will now go and file, thank you) is that a proxy agent should be able to connect to multiple proxy servers, so we don't need 3 proxy agents per Node. (One for each master in the HA). The slightly longer term issue to solve is that for LARGE clusters we do not need every Node to run a proxy agent. The routing portion of running sparse proxy agents on the cluster is a solved problem. The issue then is that for large clusters you want something like a DaemonSet but with sparse distribution. This is currently considered to be a Deployment issue on the cluster and as such not something which can be fixed in this repo.
