wigglenet's Introduction

Wigglenet

Wigglenet is a network plugin for Kubernetes geared towards dual-stack clusters. Wigglenet seeks to achieve the following goals in order:

Simplicity and minimalism
Support idiosyncratic IPv6 allocation strategies of various cloud providers (preferably without resorting to ULA addresses / NAT)
Being a viable network plugin for small to medium sized production clusters

Note that the last goal is not achieved yet. Wigglenet should be considered experimental and only used in non-critical clusters for the time being.

Introduction

Wigglenet uses the standard ptp CNI plugin with host-local IPAM to allocate IP addresses to pods based on the node subnets. Wigglenet also establishes an overlay network using Wireguard. In addition to encapsulation, this also provides hassle-free encryption of pod-to-pod traffic.

Wigglenet runs as a daemonset on every node and does the following things:

Initializes each new node on startup, sets up the Wireguard interface and writes the CNI configuration
Runs a controller on each node that adjusts the Wireguard peer configuration, local routing table and iptables rules for filtering and masquerading as nodes come and go

Wigglenet explicitely supports and encourages allocation of public IPv6 addresses to pods and offers a variety of pod network selection methods. See Pod network selection for details.

Installation

To install Wigglenet on a dual-stack cluster with the default settings:

kubectl apply -f https://raw.githubusercontent.com/tibordp/wigglenet/v0.4.3/deploy/manifest.yaml

The default configuration should work out of the box for a cluster created with kubeadm using the official dual-stack tutorial. It will enable masquerading for both IPv6 and IPv4 addresses.

Use the following manifest if the cluster is single-stack (IPv6 only):

kubectl apply -f https://raw.githubusercontent.com/tibordp/wigglenet/v0.4.3/deploy/ipv6_only.yaml

Configuration

For configuration options see the docs

Limitations

Wigglenet does not currently support NetworkPolicy
Host-to-host traffic does not pass through the Wireguard tunnel, so it is not encrypted. This is not a major issue as services using host networking generally use TLS, but there are some notable exceptions (e.g. the default configuration for Prometheus node-exporter).

Contributing

Feedback, bug reports and pull requests are most welcome! Build and test with:

go mod download
go build ./...
go test ./...

See Makefile and example manifests for experimenting with Wigglenet locally using kind. For example:

# Create a dual-stuck kind cluster with default settings
make kind-default

# Build Docker image and load it to all the nodes
make image

# Install Wigglenet
make deploy

Acknowledgements

Wigglenet is inspired by kindnet, kind's default network plugin.

wigglenet's People

Contributors

Stargazers

Watchers

wigglenet's Issues

Wigglenet Pods for Worker Nodes Fail

Hello, excellent work with Wigglenet. I couldn't find a specific issues template, so let me know if you want me to provide anything else. In order to test test it with a small cluster I have initialized a Master node using Kubernete's Dual Stack defaults on 1.21.0-00 all components. I have added a control-plane IPV6 address in order to make that the address to reach the ApiServer. This is my command: kubeadm init --control-plane-endpoint=[Redacted-IPV6] --pod-network-cidr=10.244.0.0/16,2001:db8:42:0::/56 --service-cidr=10.96.0.0/16,2001:db8:42:1::/112. This seems to produce a healthy Master node that I can ping over IPV6 and seems to be serving. When I execute kubectl get pods ---all-namespaces I see every pod running as expected. However, when I try to join worker nodes over IPV6 and the pods are created for those, they fail without much info on kubectl describe pod -n kube-system wigglenet-pod. Below is the current output of get pods on my Master node after "successfully" joining two worker nodes, those never appear as ready.

Kind regards,
Vic

kube-system   coredns-558bd4d5db-lkwjc                   1/1     Running            0          3d5h
kube-system   etcd-ip-172-xx-xx-xxx                      1/1     Running            0          3d5h
kube-system   kube-apiserver-ip-172-xx-xx-xxx            1/1     Running            0          3d5h
kube-system   kube-controller-manager-ip-172-xx-xx-xxx   1/1     Running            0          3d5h
kube-system   kube-proxy-4h6bs                           1/1     Running            0          3d4h
kube-system   kube-proxy-8rsrn                           1/1     Running            0          19m
kube-system   kube-proxy-drk5c                           1/1     Running            1          3d5h
kube-system   kube-scheduler-ip-172-xx-xx-xxx            1/1     Running            0          3d5h
kube-system   wigglenet-9nr94                            0/1     CrashLoopBackOff   7          19m
kube-system   wigglenet-gdgzz                            1/1     Running            0          3d5h
kube-system   wigglenet-lp426                            0/1     CrashLoopBackOff   814        3d4h

Recommend Projects

tibordp / wigglenet Goto Github PK

wigglenet's Introduction

Wigglenet

Introduction

Installation

Configuration

Limitations

Contributing

Acknowledgements

wigglenet's People

Contributors

Stargazers

Watchers

Forkers

wigglenet's Issues

Wigglenet Pods for Worker Nodes Fail

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent