Kubernetes Fury Distribution Networking Core Module: CNI and Network management features for Kubernetes Clusters

sighupio/fury-kubernetes-networking

Kubernetes Fury Networking

Kubernetes Fury Networking implements in-cluster networking functionality for the Kubernetes Fury Distribution (KFD) via Container Network Interface (CNI) plugins.

If you are new to KFD please refer to the official documentation on how to get started with KFD.

Overview

Kubernetes has adopted the Container Network Interface (CNI) specification for managing network resources on a cluster.

Kubernetes Fury Networking makes use of the CNCF-recommended Project Calico, an open-source networking and network security solution for containers, virtual machines, and bare-metal workloads, to bring networking features to the Kubernetes Fury Distribution.

The Calico deployment consists of a daemon set running on every node (including control-plane nodes) and a controller.

Packages

Kubernetes Fury Networking provides the following packages:

| Package | Version | Description |
|---------|---------|-------------|
| cilium | 1.16.3 | Cilium CNI Plugin. For clusters with < 200 nodes. |
| tigera | 1.36.1 | Tigera Operator, a Kubernetes Operator for Calico, provides pre-configured installations for on-prem and for EKS in policy-only mode. |
| ip-masq | 2.8.0 | The ip-masq-agent configures iptables rules to implement IP masquerading functionality. |

The resources in these packages are deployed in the kube-system namespace, except for the operator.

Click on each package to see its full documentation.

Compatibility

Kubernetes Version Compatibility Notes
1.28.x No known issues
1.29.x No known issues
1.30.x No known issues
1.31.x No known issues

Check the compatibility matrix for additional information on previous releases of the module.

Usage

Prerequisites

| Tool | Version | Description |
|------|---------|-------------|
| furyctl | >=0.6.0 | The recommended tool to download and manage KFD modules and their packages. To learn more about furyctl read the official documentation. |
| kustomize | =3.5.3 | Packages are customized using kustomize. To learn how to create your customization layer with kustomize, please refer to their repository. |

Deployment

⚠️ Please note that the Calico package is for clusters with fewer than 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to Calico + Typha or to the Tigera Operator.

  1. List the packages you want to deploy and their version in a Furyfile.yml:

bases:
  - name: networking
    version: "v2.0.0"

See furyctl documentation for additional details about Furyfile.yml format.

  2. Execute furyctl vendor -H to download the packages.

  3. Inspect the downloaded packages under ./vendor/katalog/networking.

  4. Define a kustomization.yaml that includes the ./vendor/katalog/networking directory as a resource:

resources:
  - ./vendor/katalog/networking/tigera/operator
  - ./vendor/katalog/networking/tigera/on-prem

Or if you want to use Cilium:

resources:
  - ./vendor/katalog/networking/cilium

  5. To deploy the packages to your cluster, execute:

kustomize build . | kubectl apply -f -
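Since the module states that its resources land in kube-system (except for the operator), the rendered output can be audited against that expectation before it reaches `kubectl apply`. The script below is an added example, not part of the module: the function names and the sample manifests are constructed for illustration, and it assumes kustomize-style output (2-space indentation, unquoted scalars).

```shell
# Added example (not from the module): audit rendered manifests before applying.
# Assumes kustomize-style YAML: 2-space indent, unquoted scalars, '---' separators.
# Print "<kind> <namespace or -> <name>" for each document on stdin.
manifest_summary() {
  awk '
    function flush() {
      if (kind != "") print kind, (ns == "" ? "-" : ns), name
      kind = ns = name = ""; in_meta = 0
    }
    /^---/                     { flush(); next }
    /^kind:/                   { kind = $2; in_meta = 0; next }
    /^metadata:/               { in_meta = 1; next }
    /^[^ #]/                   { in_meta = 0; next }   # any other top-level key
    in_meta && /^  name:/      { name = $2 }
    in_meta && /^  namespace:/ { ns = $2 }
    END                        { flush() }
  '
}

# Print namespaced objects outside the allowed namespaces ($1, space-separated).
unexpected_namespaces() {
  manifest_summary | awk -v allowed="${1:-kube-system}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 != "-" && !($2 in ok)
  '
}

# Constructed sample, trimmed to the fields the audit reads.
sample_manifests() {
  cat <<'EOF'
kind: DaemonSet
metadata:
  name: calico-node
  namespace: kube-system
---
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  name: calico-node-role
---
kind: ConfigMap
metadata:
  name: extra-config
  namespace: default
EOF
}

sample_manifests | unexpected_namespaces "kube-system"
```

Against a real tree, pipe `kustomize build .` into `unexpected_namespaces` and pass the operator's namespace as an additional allowed entry; any line printed is an object to review before applying.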

Monitoring

The Networking module includes out-of-the-box metrics monitoring and alerting features for its components.

You can monitor the status of the networking stack from the provided Grafana dashboards.

The following set of alerts is included with the networking module:

| Alert Name | Summary | Description |
|------------|---------|-------------|
| CalicoDataplaneFailuresHigh | A high number of dataplane failures within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} dataplane failures within the last hour |
| CalicoIpsetErrorsHigh | A high number of ipset errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} ipset errors within the last hour |
| CalicoIptableSaveErrorsHigh | A high number of iptable save errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} iptable save errors within the last hour |
| CalicoIptableRestoreErrorsHigh | A high number of iptable restore errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} iptable restore errors within the last hour |
| CalicoErrorsWhileLoggingHigh | A high number of errors within Felix while logging are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} errors while logging within the last ten minutes |
| TyphaPingLatency | Typha Round-trip ping latency to client (cluster {{ $labels.cluster }}) | Typha latency is growing (ping operations > 100ms). VALUE = {{ $value }}. LABELS = {{ $labels }} |
| TyphaClientWriteLatency | Typha unusual write latency (instance {{ $labels.cluster }}) | Typha client latency is growing (write operations > 100ms). VALUE = {{ $value }}. LABELS = {{ $labels }} |
| TyphaErrorsWhileLoggingHigh | A high number of errors within Typha while logging are happening | Typha pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} errors while logging within the last ten minutes |

Contributing

Before contributing, please read the Contributing Guidelines first.

Reporting Issues

In case you experience any problems with the module, please open a new issue.

License

This module is open-source and it's released under the following LICENSE.
