Kubernetes API access docs #2308

Merged
merged 1 commit into from
Jan 30, 2024
1 change: 1 addition & 0 deletions docs/_toc.yml
Expand Up @@ -30,6 +30,7 @@ subtrees:
entries:
- file: usage/peer.md
- file: usage/namespace-offloading.md
- file: usage/kubernetes-api.md
- file: usage/reflection.md
- file: usage/stateful-applications.md
- file: usage/prometheus-metrics.md
32 changes: 32 additions & 0 deletions docs/usage/kubernetes-api.md
@@ -0,0 +1,32 @@
# Kubernetes API

This section describes the possible configurations for accessing the Kubernetes API from offloaded pods.

## Overview

The offloaded Pods can be configured to access the Kubernetes API of the home cluster (the one they are originating from), or of the foreign cluster (the one they are running on), or to be completely disabled.

This feature can be configured per pod, by setting the `liqo.io/api-server-support: disabled | remote` annotation.
Leave the annotation unset to use the default configuration.

## Default configuration

By default, the offloaded Pods are configured to access the Kubernetes API of the home cluster.
When the Virtual Kubelet offloads a Pod, it injects the required environment variables to access the Kubernetes API of the home cluster, sets the DNS entries to access the Kubernetes API of the home cluster, and mounts the required certificates to access the Kubernetes API of the home cluster.
In this way, the offloaded Pods can access the Kubernetes API of the home cluster using the standard Kubernetes client libraries as if they were running on the home cluster.

### Overriding the default Kubernetes API server

In particular scenarios, it may be necessary to override the default Kubernetes API server.
By default, Liqo will make it available through the `liqo-proxy` deployment leveraging the cluster network interconnection.
You can override the default Kubernetes API server by setting the `--home-api-server-host=<your API server host>` and/or `--home-api-server-port=<your API server port>` as extra arguments to the Virtual Kubelet deployments.

## Accessing the Kubernetes API of the foreign cluster

The offloaded Pods can be configured to access the Kubernetes API of the foreign cluster.
When the Virtual Kubelet offloads a Pod, the mounted ServiceAccount will not be mutated, and the offloaded Pods will be able to access the Kubernetes API of the foreign cluster using the standard Kubernetes client libraries as native Pods running on the foreign cluster.

By default, the offloaded Pods will mount a ServiceAccount with the same name as the ServiceAccount set in the `serviceAccountName` field of the PodSpec in the home cluster.
If the ServiceAccount does not exist in the foreign cluster, the offloaded Pods will remain in the `Pending` state.

The offloaded Pods can be configured to mount a different ServiceAccount by adding the `liqo.io/remote-service-account-name: <your service account name>` annotation to the home cluster Pod.
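
Review bot: The Overview line `liqo.io/api-server-support: disabled | remote` never says which value selects which behaviour, and the rest of the file does not close the gap. The "Accessing the Kubernetes API of the foreign cluster" section does not state that it is the `remote` value that enables it, and no section describes what `disabled` actually does (whether the environment variables, DNS entries and certificates are simply not injected, and whether any ServiceAccount is still mounted). Suggest naming the annotation value at the top of the foreign-cluster section and adding a short section for `disabled`, since that is the setting to choose when an offloaded Pod does not need the API at all. The "Default configuration" paragraph should also say which home-cluster identity and permissions the mounted certificates give, because with the default they are placed in a Pod that runs on the foreign cluster. For the `remote` case, it would help to state that the permissions of the same-named ServiceAccount are whatever the foreign cluster binds to it, and who is expected to create it there, given that a missing ServiceAccount leaves the Pod in `Pending`.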