feat(kubernetes): support HA gateway rebalancing#1868
Conversation
|
Label |
24c1003 to
3e590e6
Compare
fb46193 to
a60c79c
Compare
e93a30d to
493f3da
Compare
493f3da to
a831deb
Compare
a831deb to
236c8ab
Compare
| ```bash | ||
| kubectl -n openshell get svc openshell-peer -o wide | ||
| kubectl -n openshell get endpoints openshell-peer | ||
| kubectl -n openshell get pod -l app.kubernetes.io/instance=openshell \ |
There was a problem hiding this comment.
Question: Does naming the envvar OPENSHELL_PEER_SERVICE_ACCOUNT_TOKEN_FILE instead of OPENSHELL_PEER_SERVICE_ACCOUNT_TOKEN_PATH have precedence?
| `kubernetes_ha_rebalancing`. That coverage validates sandbox create/watch and | ||
| exec through the Envoy proxy while gateway replicas scale up, scale down, and | ||
| rotate. |
There was a problem hiding this comment.
Does it also run a longer running sandbox and then perform the operations? Are those relevant / in scope?
98a9372 to
b5be455
Compare
|
|
||
| match mode { | ||
| AuthMode::Unauthenticated | AuthMode::Sandbox => { | ||
| AuthMode::Unauthenticated | AuthMode::Sandbox | AuthMode::Peer => { |
There was a problem hiding this comment.
Is this an exhaustive list? Does matching on _ (after the supported AuthModes) make sense?
| value.span(), | ||
| format!( | ||
| "invalid auth mode `{other}`; expected one of `unauthenticated`, `sandbox`, `bearer`, `dual`" | ||
| "invalid auth mode `{other}`; expected one of `unauthenticated`, `sandbox`, `bearer`, `dual`, `peer`" |
There was a problem hiding this comment.
Nit: Is expanding this list every time we add a new auth mode really what we want to do?
| AuthMode::Bearer => quote! { crate::auth::method_authz::AuthMode::Bearer }, | ||
| AuthMode::Dual => quote! { crate::auth::method_authz::AuthMode::Dual }, | ||
| AuthMode::Peer => quote! { crate::auth::method_authz::AuthMode::Peer }, | ||
| }; |
There was a problem hiding this comment.
Nit: Is this juse the reverse of parse_auth_mode? Should it be a function? (Also what happens when auth.mode is not one of the match arms?
b5be455 to
234110d
Compare
2ae2b85 to
110d918
Compare
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
110d918 to
f620ab9
Compare
Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Summary
Adds HA gateway rebalancing support for Kubernetes deployments so client and supervisor traffic can survive gateway replica scale-up, scale-down, and pod rotation.
This PR targets
maindirectly. The reconciler lease work from #1577 has already landed, so this PR now focuses on peer authentication/routing, supervisor relay handoff, Kubernetes ownership behavior, Helm/Skaffold HA wiring, CLI retry hardening, and HA validation.How it works
The Gateway now exposes a peer Service to let gateway replicas discover and call each other to reach supervisors. When a client request lands on a replica that does not currently own the target sandbox supervisor session, that gateway resolves the owning replica and relays the supervisor traffic to the peer instead of failing the request. Kubernetes lease/reconciler ownership keeps sandbox supervision coordinated as gateway pods scale, roll, or disappear, while the CLI retries transient sync probes during those handoffs.
Related Issue
Closes #1021
Related: #1012, #1429, #1577, #1731, #1488
Changes
Testing
cargo fmt --all -- --checkmise run helm:lintcargo check -p openshell-server --features test-supportmise run pre-committest:e2e-kubernetesChecklist