What is the alternative to Kubernetes' deprecated SSH tunnel feature?

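I want to set up a Kubernetes cluster on an untrusted network. So verifying the nodes' serving certificates is not an option.

The documentation says that a replacement is currently in development.

Does anyone know what this replacement is and where one might contribute?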

Kubernetes master-to-cluster communication doesn’t get as much attention as the opposite direction, yet many critical features (kubectl proxy, logs, exec, …) rely on it to function. In order to support secure communications from Kube API Server running on the control network to nodes running on a cluster network, SSH Tunnels were developed. This technology complicates the API Server in a manner which is neither extensible nor popular. The new proposed gRPC based proxy service abstracts this complexity away from the API Server, while providing a greater degree of extensibility. In this talk, we will see how SSH tunnels are implemented right now, what the new proxy service looks like, and how it opens the door to future extensions for use cases like auditing and multi-network support.

KAS Proxy Service

We (SIG API Machinery, SIG Networking and SIG Cloud Provider) are adding a configurable, extensible proxy service for the K8s API server's outbound connections.

Here is the GitHub repository: apiserver-network-proxy

Here is the K8s Enhancement Proposal: Network-proxy