lite-apiserver

lite-apiserver is a lightweight version of kube-apiserver that runs on edge nodes. It acts as a proxy for requests from all components and pods on the edge node to the cloud apiserver, and caches the responses so that the node remains autonomous when the cloud-edge network is disconnected.

lite-apiserver provides the following functionality:

  • Caches requests for all edge components (kubelet, kube-proxy, etc.) and pods running on edge nodes
  • Provides various authentication mechanisms for edge components and pods, including X509 client certificates and bearer tokens, and supports X509 client certificate rotation
  • Caches all kinds of Kubernetes resources, including built-in Kubernetes resources and custom resources
  • Supports multiple cache storage backends, including file and KV storage (bolt, badger)

Architecture

Figure 1: lite-apiserver architecture

lite-apiserver starts an HTTPS server that accepts requests from all clients. Based on the Common Name of the client's TLS certificate, it selects the corresponding ReverseProxy to forward the request to kube-apiserver (a request that does not present an mTLS certificate uses the default one). When the cloud-edge network is healthy, the HTTPS response is returned to the client and asynchronously stored in the cache on demand. When the cloud-edge network is disconnected, the request to kube-apiserver times out, and lite-apiserver queries the cache and returns the cached data to the client, which is how edge autonomy is achieved.
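
The forward-then-fall-back flow described above, as an added Go example that is not taken from the lite-apiserver source. It assumes the TLS layer has already verified the client certificate and picked the proxy for its Common Name; NewProxyFor, Demo, the per-CN cache key and the in-memory sync.Map are hypothetical choices made for this example, and a closed test server stands in for a request that times out.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"sync"
)

func NewProxyFor(cn string, upstream *url.URL, cache *sync.Map) *httputil.ReverseProxy { // hypothetical: one proxy per CN
	key := func(r *http.Request) string { return cn + " " + r.Method + " " + r.URL.RequestURI() }
	p := httputil.NewSingleHostReverseProxy(upstream)
	p.ModifyResponse = func(resp *http.Response) error { // cloud reachable: cache on the way back
		body, err := io.ReadAll(resp.Body) // buffers the whole body, so not suitable for watch streams
		resp.Body = struct{ io.Reader; io.Closer }{bytes.NewReader(body), resp.Body}
		if err == nil && resp.Request.Method == http.MethodGet && resp.StatusCode == http.StatusOK {
			cache.Store(key(resp.Request), body)
		}
		return err // a read error is passed to ErrorHandler, which then tries the cache
	}
	p.ErrorHandler = func(w http.ResponseWriter, r *http.Request, _ error) { // cloud unreachable
		if body, ok := cache.Load(key(r)); ok {
			w.Write(body.([]byte)) // replay only what this CN was itself served earlier
			return
		}
		w.WriteHeader(http.StatusBadGateway)
	}
	return p
}

func Demo() (online, offline, otherCN string) { // kubelet reads online; both CNs read after the cut
	cloud := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "nodes-v1") }))
	u, _ := url.Parse(cloud.URL) // constructed upstream standing in for kube-apiserver
	get := func(p http.Handler) string {
		w := httptest.NewRecorder()
		p.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/api/v1/nodes", nil))
		return fmt.Sprintf("%d %q", w.Code, w.Body.String())
	}
	cache := new(sync.Map) // in-memory stand-in for the file or KV cache storage
	kubelet, kubeProxy := NewProxyFor("kubelet", u, cache), NewProxyFor("kube-proxy", u, cache)
	online = get(kubelet)
	cloud.Close() // constructed stand-in for the cloud-edge link going down
	return online, get(kubelet), get(kubeProxy)
}

func main() { fmt.Println(Demo()) }
```

While disconnected, a reply comes from the edge cache without kube-apiserver evaluating the request, so this example keys each entry by Common Name and one client never receives data cached for another.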

Usage

lite-apiserver can run at the edge as a Kubernetes pod or as a systemd service. See the Installation Guide for more detail.

Demo

  1. Install lite-apiserver.
  2. Apply the following YAML to run echoserver:

     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: lite-demo
       namespace: default
     spec:
       replicas: 1
       selector:
         matchLabels:
           app: echo
       template:
         metadata:
           labels:
             app: echo
         spec:
           containers:
           - image: superedge/echoserver:2.2
             name: echo
             ports:
             - containerPort: 8080
               protocol: TCP
             env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
             - name: POD_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
             - name: POD_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
             - name: POD_IP
               valueFrom:
                 fieldRef:
                   fieldPath: status.podIP

  3. Access the echoserver; the result is successful:

     $ kubectl get pods -owide
     NAME                        READY   STATUS    RESTARTS   AGE     IP         NODE           NOMINATED NODE   READINESS GATES
     lite-demo-c7b458ddc-6lpnx   1/1     Running   0          4m23s   10.0.6.2   ecm-q5hx6hhd   <none>           <none>
     $ curl http://10.0.6.2:8080 | grep pod
     pod name: lite-demo-c7b458ddc-6lpnx
     pod namespace: default
     pod IP: 10.0.6.2

  4. Disconnect the network between kube-apiserver and the node on which echoserver is running; the node is now autonomous.
  5. Access the echoserver; the result is successful:

     $ curl http://10.0.6.2:8080 | grep pod
     pod name: lite-demo-c7b458ddc-6lpnx
     pod namespace: default
     pod IP: 10.0.6.2

  6. Reboot the node, then access echoserver; the result is successful:

     $ curl http://10.0.6.2:8080 | grep pod
     pod name: lite-demo-c7b458ddc-6lpnx
     pod namespace: default
     pod IP: 10.0.6.2

Last modified June 15, 2021 : Fixed error links and paths (fef537b)