Proposal: enhance cluster networking capabilities. #637
Conversation
@DrmagicE: GitHub didn't allow me to assign the following users: your_reviewer. Note that only openyurtio members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Hi, it's really an exciting feature, but I still have some questions here.
@Congrool Hi, thanks for your feedback.
But we should notice that not all CNI respects I suggest we start with flannel CNI, which is simple and widely used in OpenYurt.
No, they don't need a restart. The solution introduced in this proposal will not change the
Yes, still trying to figure out a way to solve the problem. It is an inevitable issue if we want this solution to replace the YurtTunnel.
@DrmagicE @Congrool podCIDR is allocated to every node by rangeAllocator in
@rambohe-ch Thanks for your reply.
@DrmagicE Thanks for your feedback. if calico IPAM does not belong to
A new component that is responsible for configuring route table, route policy and other network-related configurations on nodes.
YurtRouter is a daemonset and is deployed on all nodepools that are participating in the VPN tunnel.

### Network Reachability Requirement
This requirement is pretty challenging on the edge side. Do you consider running a service on cloud to help establish the tunnel between different node-pools?
@yixingjia edge yurt-gateway can connect with each other through cloud yurt-gateway. And the detail info will be added after the next community meeting discussion.
Ok, then the yurt-gateway on cloud can consider changing its name to something like yurt-cloud-gateway, and the gateway on the edge could be called yurt-edge-gateway. SDNs have similar implementations for those kinds of requirements.
@yixingjia we will discuss component name in the other proposal.
Thus, YurtGateway is not aware of failover of the other side, and when failover occurs, the VPN tunnel is broken.

To fix that:
1. YurtGateway should be able to detect the VPN status. Once it detects failover on the other side, it will try to connect the other backup.
How does the yurtGateway know the new active gateway in the target nodepool when a failover occurs in the target nodepool? I remember we have leader election to handle the SPOF, but how do the others know exactly who won the election?
@vincent-pli Hi, sorry for the late reply. Based on discussions at our latest community meeting, we may not support H/A in our first release. We need to think more carefully about how to achieve H/A, especially in node autonomy circumstances.
Welcome to get involved and share your ideas.
Hi @DrmagicE, can you add some detail about how to config vxlan to redirect traffic to the gateway node? I'm a little confused. Thanks.
Hi, "redirect vxlan traffic to gateway node" is based on IP packet forwarding. We can configure the IP route table of non-gateway nodes via the For vxlan mode, the routing rules are the same as host-gw mode. Here is an example shown in the proposal:
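The route redirection described in the comment above (a non-gateway node forwards pod traffic bound for another nodepool to its local gateway node, in the same host-gw style in which flannel points each remote pod CIDR at a node IP) can be sketched as a small reconciliation routine. The following is an added example and is not code from the proposal or from the OpenYurt/raven project; the node data is constructed, and the type and function names (`NodeInfo`, `DesiredRoutes`, `Reconcile`, `IPRouteCommand`) are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Route is one entry a non-gateway node installs: traffic for Dst is
// forwarded to the nodepool's gateway node at Via (host-gw style next hop).
type Route struct {
	Dst string // pod CIDR of a node in a remote nodepool
	Via string // node IP of the local nodepool's gateway node
}

// NodeInfo is a constructed stand-in for the node facts the proposal relies
// on: the nodepool a node belongs to, the pod CIDR the range allocator gave
// it, and its node IP. It is not an OpenYurt API type.
type NodeInfo struct {
	Name    string
	Pool    string
	PodCIDR string
	NodeIP  string
}

// SampleNodes returns constructed cluster state: two nodepools, two nodes each.
func SampleNodes() []NodeInfo {
	return []NodeInfo{
		{Name: "hz-1", Pool: "hangzhou", PodCIDR: "10.244.1.0/24", NodeIP: "192.168.1.10"}, // gateway of hangzhou
		{Name: "hz-2", Pool: "hangzhou", PodCIDR: "10.244.2.0/24", NodeIP: "192.168.1.11"},
		{Name: "sh-1", Pool: "shanghai", PodCIDR: "10.244.3.0/24", NodeIP: "192.168.2.10"},
		{Name: "sh-2", Pool: "shanghai", PodCIDR: "10.244.4.0/24", NodeIP: "192.168.2.11"},
	}
}

// DesiredRoutes computes the routes a non-gateway node in localPool should
// hold so that pod traffic for every other nodepool is sent to the local
// gateway. Pod CIDRs of the local pool are skipped on purpose: the CNI
// (flannel host-gw or vxlan) already reaches those directly, and redirecting
// them would loop intra-pool traffic through the gateway.
func DesiredRoutes(localPool, gatewayIP string, nodes []NodeInfo) ([]Route, error) {
	if net.ParseIP(gatewayIP) == nil {
		return nil, fmt.Errorf("invalid gateway IP %q", gatewayIP)
	}
	var routes []Route
	for _, n := range nodes {
		if n.Pool == localPool {
			continue
		}
		// Reject malformed CIDRs before they reach the route table.
		if _, _, err := net.ParseCIDR(n.PodCIDR); err != nil {
			return nil, fmt.Errorf("node %s: bad pod CIDR %q: %w", n.Name, n.PodCIDR, err)
		}
		routes = append(routes, Route{Dst: n.PodCIDR, Via: gatewayIP})
	}
	sort.Slice(routes, func(i, j int) bool { return routes[i].Dst < routes[j].Dst })
	return routes, nil
}

// Reconcile diffs the routes currently on the node against the desired set and
// returns what to add and what to delete. Converging incrementally, rather than
// flushing and re-adding, avoids a window in which cross-pool traffic has no route.
func Reconcile(current, desired []Route) (add, del []Route) {
	have := map[Route]bool{}
	for _, r := range current {
		have[r] = true
	}
	want := map[Route]bool{}
	for _, r := range desired {
		want[r] = true
	}
	for _, r := range desired {
		if !have[r] {
			add = append(add, r)
		}
	}
	for _, r := range current {
		if !want[r] {
			del = append(del, r)
		}
	}
	return add, del
}

// IPRouteCommand renders a route as the equivalent iproute2 command (verb is
// "add" or "del") for inspection or dry runs; applying it on a node requires
// CAP_NET_ADMIN, which is why the proposal makes YurtRouter a privileged daemonset.
func IPRouteCommand(verb string, r Route) string {
	return fmt.Sprintf("ip route %s %s via %s", verb, r.Dst, r.Via)
}

func main() {
	// View from hz-2, a non-gateway node in the hangzhou pool.
	desired, err := DesiredRoutes("hangzhou", "192.168.1.10", SampleNodes())
	if err != nil {
		panic(err)
	}
	// Pretend the node still carries a stale route to a pod CIDR that no longer exists.
	current := []Route{{Dst: "10.244.3.0/24", Via: "192.168.1.10"}, {Dst: "10.244.9.0/24", Via: "192.168.1.10"}}
	add, del := Reconcile(current, desired)
	for _, r := range del {
		fmt.Println(IPRouteCommand("del", r))
	}
	for _, r := range add {
		fmt.Println(IPRouteCommand("add", r))
	}
}
```

The gateway node itself does not run these rules; it is the one place where the remote pod CIDRs are instead sent into the VPN tunnel, and the example deliberately leaves that side out since the tunnel design is deferred to the raven repository.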
@DrmagicE I will merge this pull request, and the detail design like API will be discussed in the raven repo (https://github.com/openyurtio/raven).
@rambohe-ch Ok.
/lgtm
Thanks for the reply @DrmagicE, and sorry for the late response. I personally tried to lead traffic from nodeA -> nodeB using a vxlan device.
In all, simply adding a vxlan device and route table entries is not enough to redirect traffic. What I did to make it work:
Maybe I make things complicated. Oh, by the way, I can't simply use the
@adamzhoul we can discuss the details of raven at https://github.com/openyurtio/raven, and I will merge this pull request first.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: DrmagicE, rambohe-ch. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?
other Note