cloudnative wiki

aggregation-layer

3 min read

Aggregation Layer

The aggregation layer and custom resource definitions (CRDs) are both ways to extend the Kubernetes API, but they serve different purposes and work in distinct ways.

The aggregation layer allows you to extend the Kubernetes API by adding new APIs that run in your cluster but are hosted by separate API servers. These separate API servers can register themselves with the main Kubernetes API server, making their APIs available under specific paths. This method is useful when you want to add completely new functionalities or when you need to use custom-built or third-party APIs alongside the core Kubernetes APIs.

On the other hand, custom resource definitions (CRDs) enable you to define new resource types within the Kubernetes API itself. With CRDs, you can create and manage custom resources directly through the Kubernetes API server without needing to run a separate API server. This method is useful for extending Kubernetes with new resource types that behave similarly to built-in resources, leveraging the same Kubernetes infrastructure (like kubectl and controllers).

In summary:

  • The aggregation layer integrates external API servers with Kubernetes, providing more flexibility for complex or external APIs.
  • CRDs extend the Kubernetes API with new resource types directly within the Kubernetes API server, offering simplicity and tight integration with Kubernetes-native tools and features.

In the context of the Kubernetes aggregation layer, a front proxy plays a crucial role by acting as an intermediary that routes API requests to the appropriate API server. Here’s how it works:

  1. Routing Requests: The front proxy receives incoming API requests from clients (like kubectl or other applications). Based on the request path, it determines whether the request should be handled by the core Kubernetes API server or by an aggregated API server.
  2. Authentication and Authorization: The front proxy can handle authentication and authorization, ensuring that requests are properly verified before being forwarded to the appropriate API server. This maintains a consistent security model across all APIs.
  3. Service Discovery: The front proxy is aware of the available API services, including the core Kubernetes API and any aggregated API servers. It dynamically routes requests to the correct backend based on the registered API services.

For example, when a request comes in for an API resource path like /apis/servicecatalog.k8s.io/v1beta1/..., the front proxy identifies that this path corresponds to the Service Catalog API server (an aggregated API server) and forwards the request accordingly.

In summary, the front proxy in the aggregation layer serves as the central hub that manages API requests, ensuring they are routed correctly to either the core Kubernetes API server or the appropriate aggregated API server, while also providing a unified security layer.

Graph View