Comments (6)
kiranmeduri
commented on July 24, 2024
Related issue in Kubernetes kubernetes/kubernetes#69882. This will make it simple to use CNI without running a separate controller.
from aws-app-mesh-controller-for-k8s.
kiranmeduri
commented on July 24, 2024
kubernetes/kubernetes#69882 is still open.
tldr: CNI in Kubernetes that needs to read Pod annotations to perform its actions currently needs to read pod-info from API server (watch pods). This is logic is not performed in amazon-vpc-cni-plugins.
At this point best bet is to contribute appmesh support under https://github.com/aws/amazon-vpc-cni-k8s. Asking @mogren and @ofiliz for guidance.
from aws-app-mesh-controller-for-k8s.
jaypipes
commented on July 24, 2024
@kiranmeduri are you recommending that we essentially subsume the functionality of aws-appmesh-proxy-route-manager into the VPC CNI routed-eni plugin? We would look for pod annotations and create the iptables rules as appropriate (basically, what aws-appmesh-proxy-route-manager currently does in-process in the sidecar)?
from aws-app-mesh-controller-for-k8s.
mogren
commented on July 24, 2024
@kiranmeduri The CNI has a watcher already, scoped to pods on the current node:
What is it that aws-appmesh-proxy-route-manager does?
from aws-app-mesh-controller-for-k8s.
ofiliz
commented on July 24, 2024
I don't think we should replicate the logic in aws-appmesh CNI plugin. I assume you meant that the IPAMd daemon (not the vpc-cni-k8s CNI plugin itself) can watch the pods. In that case, instead of replicating the logic, IPAMd could either invoke the aws-appmesh binary itself, or use another mux CNI plugin to do so. However that work would be incompatible with CNI2 and vpc-resource-controller.
A much better solution is to do a full working backwards. Until then, use the init container instead of the CNI plugin.
from aws-app-mesh-controller-for-k8s.
fawadkhaliq
commented on July 24, 2024
Adding this logic to existing CNI plugin would be limiting for multiple reasons 1) what ofiliz@ mentioned 2) we don't want to have a tight coupling/hard dependency between AWS CNI and App Mesh use-uses. There might be clusters which run a different CNI plugin so a CNI with init container only logic chained with other CNI plugins would be better 3) complexity in the VPC CNI (it doing more than one thing), bigger testing matrix, release dependencies across these use-cases
from aws-app-mesh-controller-for-k8s.
Related Issues (20)
- Second Listener for Virtual Nodes HOT 2
- PostStart hook fails if `envoyAdminAccessPort` is set HOT 3
- GatewayRoute Selector Inconsistent Behavior
- Virtual Node DNS service discovery is not working as expected HOT 2
- Outdated Changelog and release list
- Support for GatewayRoute target port HOT 1
- Unable to create routes for VirtualRouter with multiple listener HOT 4
- GatewayRoute Admission Webhook not in keeping with AWS API/UI: match prefix does not need to end in '/' HOT 1
- After modyifing the virtualrouter/virtualnode k8s manifest file it not update changes inPlace HOT 11
- GrpcRouteMatch port match error despite defining it HOT 6
- can't inject env var with a comma in it's value HOT 4
- 🚨 appmesh-envoy:v1.27.0.0-prod does not run HOT 2
- Override APPMESH_EGRESS_IGNORED_PORTS in injected proxyInit container HOT 4
- Does the cloudmap namespace have to match the k8s namespace? HOT 10
- No Init or Sidecar containers injected HOT 2
- cert-manager api deprecated HOT 1
- Missing documentation for that EKS VPC Endpoint is required for private cluster
- Cannot update VirtualRouter listener protocol with defined routes
- Cannot create sidecar containers
- Add new option to inject envoy container using sidecar feature provided by Kubernetes
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-app-mesh-controller-for-k8s.