-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] What is the DNS best practice in the OpenYurt edge cluster? #515
Comments
@SataQiu Thank you for raising issue. I think we can follow the best practice of CoreDNS community. CoreDNS is the up dns for nodeLocalDNS, and nodeLocalDNS is a daemon app for every node. so, yurthub maybe need to deploy on both edge and cloud nodes. |
@SataQiu @Fei-Guo @huangyuqi @gnunu @zzguang @yixingjia @DrmagicE @kadisi And CoreDNS is system component for OpenYurt edge cluster, so i think that end users do not need to maintain CoreDNS deployment, maybe we can add a label for NodePool to enable or disable deployment of CoreDNS like ingress controller. we can call all of these abilities(like ingress controller, CoreDNS) as NodePool governance ability. |
For nodepool level CoreDNS, agree with @rambohe-ch to treat it as a nodepool innate feature and add the related implementation in nodepool operator, end users only need to operate on the nodepool to enable/disable this feature while the deployment is transparent to them, so it will improve the ease of use for this feature. |
OK. So let's deploy YurtHub on both edge and cloud nodes to support service topology awareness. |
I think deploying apps is beyond the scope of |
The key point is whether we treat CoreDNS as an ordinary user app. |
@Fei-Guo Do you have any comments about above discussions? |
Yes, we should differ system components from pure application workload, for the former may involve control plane operation occuring in cloud space, such as installing webhook services. Even worse is that those system components' deployments maybe case by case. Ingress needs services and webhooks, CoreDNS has its own requirements, and so do others like load balancer, etc. I think this pecularity is "edge native": nodepool is our edge, and not always reachable from cloud (even with yurttunnel), so when adding a nodepool level feature, we want the feature belongs to the nodepool, while being managable from cloud master at the same time, through or not yurthub. From this "edge native" viewpoint, we want most of our feature really run in nodepool and at best form a close loop, i.e., incur south-north communication as less as possible. Sounds we need a general way to deploy such "edge native" service? As for CoreDNs and Ingress at the nodepool level, definitely they are features of nodepool (edge). So sounds it's a good idea to add a switch for nodepool to enable/disable these features. We also can add a general switch at the whole cluster level to do easy control. If the general switch is off, all nodepool have that feature switched off. While if the general switch is on, nodepool has ability to disable the feature using its own switch. As for impelemtation, before we have a general way to deploy system level components, sounds it's good idea to reuse/enhance nodepool operator. |
I agree to include ingress in the node pool as a property of the node pool spec,This is an example:
|
|
@Fei-Guo @zzguang @gnunu @SataQiu @kadisi @DrmagicE and many other community members have discussed this issue in OpenYurt community meeting(2021.10.20), and have got the following conclusion:
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Signed-off-by: zhenggu1 <[email protected]>
At present, we have a variety of DNS resolution implementations:
--cluster-dns=127.0.0.1
openyurt.io/topologyKeys=kubernetes.io/hostname
into CoreDNS Service.The benefit of options 1 and 3 is that you do not need to deploy YurtHub on cloud nodes.
The benefit of option 2 is CoreDNS Pod can run in the Pod network and the topology awareness is supported on both cloud and edge.
The advantage of option 3 over option 1 is that there is no additional configuration of Kubelet and no need to modify the existing CoreDNS Deployment or DaemonSet in the system.
So what is the DNS best practice in the OpenYurt edge cluster?
The text was updated successfully, but these errors were encountered: