Coder Social home page Coder Social logo

kiwi's Introduction

Kiwi, the Kubernetes IP Manager

This is a simple service for managing the assignment of IP addresses to network interfaces and the associated firewall rules for Kubernetes services.

The kiwi service will listen for notifications from the Kubernetes API regarding new or deleted services, and for those that contain a publicIPs element the service will:

  • Associate the public ip with a network interface, if it has not already been assigned,
  • Create mangle table rules to mark inbound traffic

Kiwi uses etcd to coordinate assignments between multiple systems. If Kiwi stops running on one system, any active ip addresses will be assigned on the remaining systems.

Using Kiwi

The easiest way to use Kiwi is to use the docker image:

docker run --privileged --net=host larsks/kiwi --interface br0 --verbose

Kiwi needs --net=host and --privileged because it will be modifying your host iptables and network interface configuration.

Example

Assume that you have a Kubernetes service definition like this:

kind: Service
id: web
apiVersion: v1beta1
port: 8080
selector:
  name: web
containerPort: 80
publicIps:
  - 192.168.1.41
  - 172.16.1.41

If you run kiwi like this:

kiwi --interface em1 -r 192.168.1.0/24

And then create the Kubernetes services:

kubectl create -f web-service.yaml

Then kiwi will:

  • Add address 192.168.1.42/32 to device em1:

      # ip addr show em1 | grep 192.168.1.41
  inet 192.168.1.41/32 scope global em1:kube

  • Add the following rule to the mangle KUBE-PUBLIC table:

      -A KUBE-PUBLIC -d 192.168.1.41/32 -p tcp -m tcp --dport 8080 -m comment --comment web -j MARK --set-mark 1

  • Kiwi will ignore 172.16.1.41 because it does not match any valid CIDR range.

These changes will be removed if you delete the service.

When kiwi exits, it will remove any addresses and firewall rules it created while it was running.

Technical details

Kiwi works by listening to the Kubernetes API at /api/v1beta1/watch/services. As new services appear, Kiwi iterates over the list of ip addresses and attempts to create corresponding keys under the etcd prefix /kiwi/publicips.

If it is able to successfully create an entry, the local Kiwi agent has "claimed" that address and will provision it locally.

Addresses are set with a TTL (10 seconds by default). The local kiwi agent will heartbeat on that address entry while it is running. If the local agent stops running, the /kiwi/publicips/x.x.x.x entry will eventually expire, at which point another agent will attempt to claim.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.