feat: support multiple kubernets clusters discovery

[zhixiongdu027]

Description

Fixes # (issue)
#7569 -> -- Support mulitple kubernets cluster
#7199 , #7185 -> -- Remove possible extra spaces in client.token

Checklist

• [y] I have explained the need for this PR and the problem it solves
• [y] I have explained the changes or the new features added to this PR
• [y] I have added tests corresponding to this change
• [] I have updated the documentation to reflect this change
• [y] I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

Todo

Doc ...

[zhixiongdu027]

@spacewander @tokers @tzssangglass
Hello:

I think the code part is already ready for review,

The documentation part will be submitted later

Please help for review ,Many TKS.

[spacewander]

We don't need to disable admin when config_center is yaml. Many existing yaml relative tests have this configuration, but we can remove it from the new test.

[spacewander]

I found an one-line script to remove them:
grep -lP 'config_center: yaml\n\s+enable_admin: false' t/*/*.t |xargs -r sed -i -r -z 's/\n\s+enable_admin: false\n/\n/g'

[zhixiongdu027]

seems like remove "enable_admin: false" will cause all test case fail

[spacewander]

We can save some repeated fields with something like service = xxx.service?

[zhixiongdu027]

Maybe not a good idea , because service had default value in single mode but no default value in multiple mode .

[spacewander]

Better to move the setmetatable together with pcall and others.

[spacewander]

We should use error level log?

[spacewander]

Suggested change

	core.log.info("id not exis")
	core.log.info("id not exist")

[spacewander]

I would recommend using string.format which is more common

[spacewander]

What about reusing the namespace_selector schema?

[zhixiongdu027]

ok, I'll try to optimize the schema fully

[tzssangglass]

we should update config-default.yaml, added id attribute

[zhixiongdu027]

sorry i didn't understand what you mean @tzssangglass

[tzssangglass]

here:

apisix/conf/config-default.yaml

Lines 307 to 336 in 2a44ba6

	# kubernetes:
	# service:
	# schema: https #apiserver schema, options [http, https], default https
	# host: ${KUBERNETES_SERVICE_HOST} #apiserver host, options [ipv4, ipv6, domain, environment variable], default ${KUBERNETES_SERVICE_HOST}
	# port: ${KUBERNETES_SERVICE_PORT} #apiserver port, options [port number, environment variable], default ${KUBERNETES_SERVICE_PORT}
	# client:
	# # serviceaccount token or path of serviceaccount token_file
	# token_file: ${KUBERNETES_CLIENT_TOKEN_FILE}
	# # token: |-
	# # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
	# # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
	# # kubernetes discovery plugin support use namespace_selector
	# # you can use one of [equal, not_equal, match, not_match] filter namespace
	# namespace_selector:
	# # only save endpoints with namespace equal default
	# equal: default
	# # only save endpoints with namespace not equal default
	# #not_equal: default
	# # only save endpoints with namespace match one of [default, ^my-[a-z]+$]
	# #match:
	# #- default
	# #- ^my-[a-z]+$
	# # only save endpoints with namespace not match one of [default, ^my-[a-z]+$ ]
	# #not_match:
	# #- default
	# #- ^my-[a-z]+$
	# # kubernetes discovery plugin support use label_selector
	# # for the expression of label_selector, please refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
	# label_selector: |-
	# first="a",second="b"

only single_mode_nodes configuration here

[zhixiongdu027]

Ok ,get your point .
This part will be submitted together with the documentation

[tzssangglass]

A discussion:

In the current implementation, single cluster and multiple clusters are implemented separately in the code.

Can we support only multiple clusters, the original single cluster just has a cluster of multiple clusters.

[zhixiongdu027]

"Can we support only multiple clusters"

Makes me think it has two meanings.

1: Abandon compatibility with the current single cluster configuration, users need to manually modify the previous configuration after the upgrade, otherwise it cannot be used

2: Compatible with the current single cluster configuration, but modify the code to treat the single cluster as a multi-cluster configuration with only one array element

I think you may mean 2,

However, there is no full benefit, but it brings performance loss.
Because the performance when dealing with multi-cluster configurations is lower than that of single-cluster configurations

[tzssangglass]

"RuntimeException" does not look like APISIX style logs

[zhixiongdu027]

But i think is kubernetes style

[tzssangglass]

People view APISIX logs from here, and we don't use their style of logs for every new ecology we dock.

[zhixiongdu027]

I think it's best practice to keep things as they are

In the List-Watch process, there are many error messages that may appear in many Kubernetes responses, all of them are in this format (Reason and Message)

It's not necessary to change the raw error message content for "apisix style"

[tokers]

Use plural: discovery_shared_dicts.

[tzssangglass]

"Can we support only multiple clusters"

Makes me think it has two meanings.

1: Abandon compatibility with the current single cluster configuration, users need to manually modify the previous configuration after the upgrade, otherwise it cannot be used

2: Compatible with the current single cluster configuration, but modify the code to treat the single cluster as a multi-cluster configuration with only one array element

I think you may mean 2,

However, there is no full benefit, but it brings performance loss. Because the performance when dealing with multi-cluster configurations is lower than that of single-cluster configurations

I mean 1.

but it brings performance loss.
Because the performance when dealing with multi-cluster configurations is lower than that of single-cluster configurations

It's persuasive. Can you talk more about performance loss.

[zhixiongdu027]

I mean 1.

Maybe this needs more people to join the discussion

It's persuasive. Can you talk more about performance loss.

Additional id detection and table field access are required in the multiple_mode_nodes function, obviously there is a certain performance loss

[spacewander]

@zhixiongdu027
We are going to release a new version next week. Would you like to add a doc before that?

[zhixiongdu027]

I will asap, it may take three or four days

[wolgod]

i see lua_shared_dict kubernetes default is 1m , If there are many services in multiple cluster, it may not be enough, but it cannot be set very large. How to evaluate the memory usage of a service?

[zhixiongdu027]

i see lua_shared_dict kubernetes default is 1m , If there are many services in multiple cluster, it may not be enough, but it cannot be set very large. How to evaluate the memory usage of a service?

@wolgod

Please don't worry.
Usually, 1m of memory can store about 1000 endpoints information

And in multi-cluster mode, each cluster uses its own ngx.shared.DICT.
For example, if you define a release cluster and a debug cluster,
Then there will be two ngx.shared.DICT:
[ kubernetes-release , kubernetes-debug ] ,
and you can specify the memory size separately

In addition, you can use namespace_selector and label_selector to filter endpoint information to reduce memory

[wolgod]

thanks, I wonder if the community will support apisix-seed service discovery for kubernetes discovery in the future?

[zhixiongdu027]

@wolgod
This is not a place for discussion, you should create a ISSUE

[wolgod]

thanks, Will there be a release for 2.15.x support multiple kubernets clusters discovery ？ because apisix 2.x can't switch to version 3 seamlessly

[tzssangglass]

thanks, Will there be a release for 2.15.x support multiple kubernets clusters discovery ？ because apisix 2.x can't switch to version 3 seamlessly

No, functional PRs are not back-ported.