[Question] How to proxy requests from cloud to pod (not hostNetwork) on edge?

[tiezhuoyu]

What happened:
Hi, i want to know if it is possible to proxy requests from cloud to pods (not hostNetwork mod) on edge? I found issue issue#138, but it works on hostNetwork mod.

Thanks!

What you expected to happen:
For example, pod1(192.168.0.5) on cloud node, and pod2(192.168.4.5) on edge node.
If it is possible pod1 send reqeust like 'GET http://192.168.4.5:80' ?

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

• OpenYurt version: v0.5.0
• Kubernetes version (use kubectl version): v1.18.2
• OS (e.g: cat /etc/os-release):
• Kernel (e.g. uname -a):
• Install tools: yurtctl init & yurtctl join
• Others:

others
/kind question

[DrmagicE]

@tiezhuoyu Thank you for raising the issue.
Proxying to not hostNetwork pod is not supported at present, but in some cases, we do need proxy requests from cloud to edge service. For instance, the prometheus server in the cloud-side may expect to request the metric endpoint of the edge components through their service endpoint. How about implementing this feature to YurtTunnel? @rambohe-ch

[rambohe-ch]

@tiezhuoyu Thank you for raising this issue.
Proxy request from cloud to edge pods(not hostnetwork) is not supported at present as @DrmagicE has replied. and Would you be able to describe the detail scenario about this requirement?

[rambohe-ch]

@tiezhuoyu Thank you for raising the issue. Proxying to not hostNetwork pod is not supported at present, but in some cases, we do need proxy requests from cloud to edge service. For instance, the prometheus server in the cloud-side may expect to request the metric endpoint of the edge components through their service endpoint. How about implementing this feature to YurtTunnel? @rambohe-ch

@DrmagicE I think it's more general to use service to access pods in kubernetes. so if proxy requests from cloud to edge service, i'd like to sure that the problem in the issue is also solved. @DrmagicE @tiezhuoyu Do you have interest to take over and solve this feature?

[DrmagicE]

@rambohe-ch Yes, I'll try it.

[rambohe-ch]

/assign @DrmagicE

[lujinda]

We are designing a solution that connects the edge and the edge, and the edge and the cloud network. The general idea is to use IPSec (or other) to connect to each data center, and then use IPSec to send the traffic of the Pod in one data center to other data centers. Plan to integrate with openyurt. The plan hopes that the intrusion to the Pod is small enough.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[rambohe-ch]

/pinned

[rambohe-ch]

@tiezhuoyu Pods(not hostNetwork) connection across public network will be solved by raven, also you can dive into the proposal: https://github.com/openyurtio/openyurt/blob/master/docs/proposals/20211123-enhancement-of-cluster-networking.md

and we will close this issue, and you reopen or create a new issue if you have any other questions.

[tiezhuoyu]

@rambohe-ch that's a greate work 👍