tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-06-19 10:18:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Refactored k8s endpoints PR +semver: major

Browse Source
This commit is contained in:
TomPallister
2020-04-11 11:48:47 +01:00
parent fd7c6d7a5b 84907bd4ce
commit 6e5471a714
7 changed files with 105 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/features/kubernetes.rst
View File

@ -1,7 +1,9 @@
Kubernetes
==============
This feature was requested as part of `Issue 345 <https://github.com/ThreeMammals/Ocelot/issues/345>`_ . to add support for kubernetes's service discovery provider.
This feature was requested as part of `Issue 345 <https://github.com/ThreeMammals/Ocelot/issues/345>`_ . to add support for kubernetes's provider.
Ocelot will call the k8s endpoints API in a given namespace to get all of the endpoints for a pod and then load balance across them. Ocelot used to use the services api to send requests to the k8s service but this was changed in `PR 1134 <https://github.com/ThreeMammals/Ocelot/pull/1134>`_ because the service did not load balance as expected.
The first thing you need to do is install the NuGet package that provides kubernetes support in Ocelot.
@ -23,7 +25,7 @@ If you have services deployed in kubernetes you will normally use the naming ser
}
You can replicate a Permissive. Using RBAC role bindings.
`Permissive RBAC Permissions <https://kubernetes.io/docs/reference/access-authn-authz/rbac/#permissive-rbac-permissions>`_, k8s api server and token will read from pod .
`Permissive RBAC Permissions <https://kubernetes.io/docs/reference/access-authn-authz/rbac/#permissive-rbac-permissions>`_, k8s api server and token will read from pod.
.. code-block::bash
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
@ -76,7 +78,7 @@ The polling interval is in milliseconds and tells Ocelot how often to call kuber
Please note there are tradeoffs here. If you poll kubernetes it is possible Ocelot will not know if a service is down depending on your polling interval and you might get more errors than if you get the latest services per request. This really depends on how volatile your services are. I doubt it will matter for most people and polling may give a tiny performance improvement over calling kubernetes per request.
There is no way for Ocelot to work these out for you.
If your downstream service resides in a different namespace you can override the global setting at the ReRoute level by specifying a ServiceNamespace
If your downstream service resides in a different namespace you can override the global setting at the ReRoute level by specifying a ServiceNamespace.
.. code-block:: json