docs: add runner in-cluster vcluster access pattern guide#124
Closed
weicao wants to merge 1 commit into
Closed
Conversation
Methodology body covers: - 3 vcluster API access topologies: (1) workstation + port-forward, (2) workstation + NodePort, (3) runner pod in host k8s + in-cluster service DNS - Why (3) eliminates workstation-network-as-critical-path failure class - 5 hard rules: kubeconfig server = in-cluster DNS; long-running pod with sleep infinity; nohup ... & on launch so kubectl exec returns immediately; evidence via kubectl exec -- tar c piped to tar x instead of kubectl cp; closeout treats host-API impact as independent from runner result - 5-point PR / design review checklist - 2 anti-pattern vs correct-pattern pairs Appendix A is OceanBase enterprise addon migration from workstation+port-forward to idc4 host-runner+in-cluster DNS case, explicitly bounded as 3-sample observation, not extrapolated to permanent immunity.
Contributor
Author
|
Blocking for merge:
The structural recommendation itself looks good: host-runner + in-cluster DNS removes workstation network from the test critical path. |
This was referenced May 13, 2026
Contributor
Author
|
Closing per Allen's docs PR queue triage (DM 2026-05-18). Superseded by main-branch standard guide(s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New methodology doc
addon-runner-incluster-vcluster-access-pattern-guide.mdcovering when addon tests on a remote IDC vcluster, the runner pod should sit inside the host k8s cluster and reach the vcluster API via in-cluster service DNS, taking the workstation network out of the test critical path.Body (generic methodology, version-agnostic, no engine binding):
serverfield = in-cluster service DNS; long-running pod (sleep infinity);nohup ... &sokubectl execreturns immediately; evidence retrieval viakubectl exec -- tar cpiped totar x(avoidskubectl cpetcd timeout); closeout treats host-API impact as independent from runner resultaddon-host-runner-job-pattern-guide.md,addon-test-runner-cadence-discipline-guide.md,addon-test-acceptance-and-first-blocker-guide.md,addon-evidence-discipline-guide.mdAppendix A is OceanBase enterprise addon migration from
workstation + kubectl port-forwardtoidc4 host-runner + in-cluster service DNS, plus reverse example showing the prior path's pf-stalenessT1_vcluster_api_unreachable_via_macD_portforward_mid_runblocker. Explicit boundary: 3-sample observation supports only "no workstation-network impact on in-pod test execution in those samples"; NOT extrapolated to permanent immunity.SKILL-INDEX.md updated: added entry under
### 5. 改造 runner / 工具链.Test plan
🤖 Generated with Claude Code