Multi-cluster api gateway based on apiserver-aggregation.

Overview

Cluster Gateway

"Cluster-Gateway" is a gateway apiserver that routes Kubernetes API traffic to multiple Kubernetes clusters. The gateway plugs natively into a running Kubernetes cluster because it is built on the native API extension mechanism named apiserver-aggregation. After the corresponding APIService objects are applied, a new extended resource "cluster.core.oam.dev/ClusterGateway" is registered in the hosting cluster, and a new subresource named "proxy", inspired by the original Kubernetes "service/proxy" and "pod/proxy" subresources, becomes available for every existing "ClusterGateway" resource.

Overall our "Cluster-Gateway" also has the following merits as a multi-cluster api-gateway solution:

  • Zero-Dependency: Normally an aggregated apiserver must be deployed along with a dedicated etcd cluster, which brings extra costs for admins. "Cluster-Gateway" can run completely without etcd instances, because the extended "ClusterGateway" resources are physically stored as secret resources in the hosting Kubernetes cluster.

  • Scalability: The gateway instances can be scaled out freely to an arbitrary number of replicas. It has also been proven to work stably in production for years.

Image

$ docker pull oamdev/cluster-gateway:v1.1.4 # Or other newer tags

Documentation

Run Local: https://github.com/oam-dev/cluster-gateway/blob/master/docs/non-etcd-apiserver/local-run.md

Resource Example

apiVersion: "cluster.core.oam.dev/v1alpha1"
kind: "ClusterGateway"
metadata:
  name: <..>
spec:
  provider: ""
  access:
    endpoint: "https://127.0.0.1:9443"
    caBundle: "..."
    credential:
      type: X509Certificate
      x509:
        certificate: "..."
        privateKey: "..."
status: { }      
Comments
  • cluster-gateway addon status

    How to check that the cluster-gateway addon deployed successfully? I have installed the cluster-gateway addon and got some info.

    Message :"The status of cluster-gateway add-on is unknow" Reason: "ManagedClusterAddOnLeaseNotFound" Status:"Unknow" Type:"Available"

    And I got nothing after exec "kubectl get clustergateway". Is there any way to troubleshoot?

    opened by wangzd1 9
  • multicluster wrap add enhance roundtripper, support informer cache

    Signed-off-by: champly [email protected]

    multicluster.NewClusterGatewayRoundTripper does not support informer cache, because informerFactory.Start uses ctx to listen for stop signals. So add an enhanced roundtripper that includes clusterName.

    opened by champly 3
  • do authorization on local cluster before forward request

    Today the gateway uses the cluster credential to forward the request. With multiple tenants, this means all tenants share the same credential and permission to access the target cluster, which is a security risk.

    In multi-cluster management, we can assume the hub cluster and the managed clusters have the same structure. For example, when namespace1 is created for user1 with dev permission on the hub cluster, multi-cluster management will create namespace1 on all managed clusters.

    With this assumption, to fix the issue above, the gateway could do authorization on the hub cluster before forwarding the request. For example, if user1 wants to access namespace1 on a managed cluster, then forward; but if user2 wants to access namespace1 on a managed cluster, then reject.

    Feature flag: --proxy-local-authorization=true enables the change; the default is false.

    opened by zychina 1
  • Feat: add log args

    Signed-off-by: Yin Da [email protected]

    Add logging arguments for cluster-gateway.

    Fixes https://github.com/oam-dev/cluster-gateway/issues/104.

    opened by Somefive 0
  • Fix: allow plain secret use when ocm integration enabled

    Signed-off-by: Yin Da [email protected]

    When --ocm-integration is enabled, clusters managed by direct secrets are unavailable to provide services. This PR fixes it.

    opened by Somefive 0
  • Basing onto ANP upstream's connection leakage fix

    Bumping ANP library to v0.0.30, bumping konnectivity library to commit 5308cea

    ref: https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/341

    opened by yue9944882 0
  • [Feat] Support the joined clusters can be set OFFLINE

    OFFLINE means that all requests that come to the offline clusters will be bypassed and return normally, and

    • vela-core can recognize the defined return code, and set the status for the application CR depending on the defined return code
    • vela-apiserver can recognize the defined return code, and return the Rest-API or CLI call depending on the defined return code
    opened by oeular 0
  • Get pod log timeout

    When I call the pod GetLogs API through cluster-gateway, the connection gets dropped after roughly 1 minute. version: v1.3.2. The cluster-gateway log is as follows:

    2022/04/28 13:17:37 httputil: ReverseProxy read error during body copy: context deadline exceeded
    E0428 13:17:37.307985 1 wrap.go:54] timeout or abort while handling: method=GET URI="/apis/cluster.core.oam.dev/v1alpha1/clustergateways/cluster1/proxy/api/v1/namespaces/kube-system/pods/kube-apiserver-node1/log?follow=true&tailLines=150" audit-ID="25c2a7a7-7a2f-4bf6-b805-105771b6ebfd"
    E0428 13:17:37.308822 1 timeout.go:137] post-timeout activity - time-elapsed: 803.726µs, GET "/apis/cluster.core.oam.dev/v1alpha1/clustergateways/cluster1/proxy/api/v1/namespaces/kube-system/pods/kube-apiserver-node1/log" result: net/http: abort Handler
    2022/04/28 13:21:46 httputil: ReverseProxy read error during body copy: context deadline exceeded
    E0428 13:21:46.937195 1 wrap.go:54] timeout or abort while handling: method=GET URI="/apis/cluster.core.oam.dev/v1alpha1/clustergateways/cluster1/proxy/api/v1/namespaces/kube-system/pods/kube-apiserver-node1/log?follow=true&tailLines=150" audit-ID="7cd14081-a0d9-4bf7-a85d-a8db310e7b40"
    E0428 13:21:46.943292 1 timeout.go:137] post-timeout activity - time-elapsed: 6.018041ms, GET "/apis/cluster.core.oam.dev/v1alpha1/clustergateways/cluster1/proxy/api/v1/namespaces/kube-system/pods/kube-apiserver-node1/log" result: net/http: abort Handler

    bug 
    opened by ghostloda 0
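
Added example (not from the cluster-gateway code base) for the "do authorization on local cluster before forward request" proposal above: it parses the proxy path format seen in the log lines on this page and applies a deny-by-default namespace check before a request would be forwarded. `Target`, `ParseProxyPath`, `Allowed` and the `grants` map are hypothetical names; the map stands in for the hub cluster's real authorizer, and only the namespace is checked, not the verb.

```go
package main

import (
	"fmt"
	"strings"
)

// gwPrefix is the proxy path prefix as it appears in the gateway logs on this page.
const gwPrefix = "/apis/cluster.core.oam.dev/v1alpha1/clustergateways/"

var errPath = fmt.Errorf("unsupported or ambiguous proxy path")

// Target (hypothetical type) is what a proxied request addresses on a managed cluster.
type Target struct{ Cluster, Namespace, Resource string }

// ParseProxyPath extracts the cluster and inner resource. Empty, "." and ".." segments
// are rejected so gateway and target apiserver cannot disagree on the object addressed.
func ParseProxyPath(p string) (Target, error) {
	parts := strings.SplitN(strings.TrimPrefix(p, gwPrefix), "/proxy/", 2)
	if !strings.HasPrefix(p, gwPrefix) || len(parts) != 2 || parts[0] == "" || strings.Contains(parts[0], "/") {
		return Target{}, errPath
	}
	seg := strings.Split(strings.Trim(parts[1], "/"), "/")
	for _, s := range seg {
		if s == "" || s == "." || s == ".." {
			return Target{}, errPath
		}
	}
	skip := map[string]int{"api": 2, "apis": 3}[seg[0]] // "api/<version>" or "apis/<group>/<version>"
	if skip == 0 || len(seg) <= skip {
		return Target{}, errPath
	}
	seg = seg[skip:]
	t := Target{Cluster: parts[0]}
	if seg[0] == "namespaces" && len(seg) > 2 {
		t.Namespace, seg = seg[1], seg[2:]
	}
	t.Resource = seg[0]
	return t, nil
}

// Allowed is a deny-by-default stand-in for the hub authorizer (grants: user -> hub namespaces).
func Allowed(grants map[string]map[string]bool, user string, t Target) bool {
	return t.Namespace != "" && grants[user][t.Namespace] // cluster-scoped targets are denied
}

func main() {
	t, err := ParseProxyPath(gwPrefix + "cluster1/proxy/api/v1/namespaces/namespace1/pods")
	grants := map[string]map[string]bool{"user1": {"namespace1": true}} // constructed sample
	fmt.Println(t, err, Allowed(grants, "user1", t), Allowed(grants, "user2", t))
}
```

A parse error should be treated as a rejection, so a path the check cannot interpret is never forwarded with the shared cluster credential.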
Releases(v1.5.0)
Owner
Open Application Model
Make shipping applications more enjoyable.