enix/kube-router
kube-router
A turnkey solution for Kubernetes networking with aim to provide operational simplicity and high performance.
TL;DR;
$ helm repo add enix https://charts.enix.io/
$ helm install my-release enix/kube-router
Source code can be found here
Installing the Chart
To install the chart with the release name my-release
:
$ helm install my-release enix/kube-router
The command deploys Kube-Router on the Kubernetes cluster in the default configuration. The Chart Values section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Uninstalling the Chart
To uninstall/delete the my-release
deployment:
$ helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.
Chart Values
Key | Type | Default | Description |
---|---|---|---|
fullnameOverride | string | "" |
String to fully override mosquitto.fullname template with a string |
image.pullPolicy | string | "IfNotPresent" |
Kube-Router image pull policy |
image.repository | string | "docker.io/cloudnativelabs/kube-router" |
Kube-Router image |
image.tag | string | nil |
Override the kube-router image tag |
imagePullSecrets | list | [] |
Docker-registry secret names as an array |
kubeRouter.apiServerUrl | string | nil |
URL of the API server. If you use Kube-Router as service-proxy, use a reliable way to contact your masters |
kubeRouter.cacheSyncTimeout | string | nil |
The timeout for cache synchronization (e.g. ‘5s’, ‘1m’). Must be greater than 0 |
kubeRouter.cni.config | string | "{\n \"cniVersion\":\"0.3.0\",\n \"name\":\"mynet\",\n \"plugins\":[\n {\n \"name\":\"kubernetes\",\n \"type\":\"bridge\",\n \"bridge\":\"kube-bridge\",\n \"isDefaultGateway\":true,\n \"hairpinMode\":true,\n \"ipam\":{\n \"type\":\"host-local\"\n }\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"snat\":true,\n \"portMappings\":true\n }\n }\n ]\n}\n" |
|
kubeRouter.cni.downloadUrl | string | "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" |
|
kubeRouter.cni.install | bool | false |
|
kubeRouter.cni.installPath | string | "/opt/cni/bin" |
|
kubeRouter.cni.version | string | "v0.7.5" |
|
kubeRouter.enablePprof | string | nil |
Enables pprof for debugging performance and memory leak issues |
kubeRouter.extraArgs | list | [] |
Extra arguments to pass to kube-router |
kubeRouter.firewall.enabled | bool | true |
Enables Network Policy, sets up iptables to provide ingress firewall for pods |
kubeRouter.firewall.iptablesSyncPeriod | string | nil |
The delay between iptables rule synchronizations (e.g. ‘5s’, ‘1m’). Must be greater than 0 |
kubeRouter.healthPort | string | nil |
Health check port, 0 = Disabled |
kubeRouter.metrics.path | string | nil |
Prometheus metrics path |
kubeRouter.metrics.port | string | nil |
Prometheus metrics port (set 0 to disable) |
kubeRouter.router.advertiseClusterIp | string | nil |
Add Cluster IP of the service to the RIB so that it gets advertises to the BGP peers (true or false) |
kubeRouter.router.advertiseExternalIp | string | nil |
Add External IP of service to the RIB so that it gets advertised to the BGP peers (true or false) |
kubeRouter.router.advertiseLoadbalancerIp | string | nil |
Add LoadbBalancer IP of service status as set by the LB provider to the RIB so that it gets advertised to the BGP peers (true or false) |
kubeRouter.router.advertisePodCidr | string | nil |
Add Node’s POD cidr to the RIB so that it gets advertised to the BGP peers (true or false) |
kubeRouter.router.bgpGracefulRestart | string | nil |
Enables the BGP Graceful Restart capability so that routes are preserved on unexpected restarts |
kubeRouter.router.bgpGracefulRestartDeferralTime | string | nil |
BGP Graceful restart deferral time according to RFC4724 4.1, maximum 18h |
kubeRouter.router.bgpPort | string | nil |
The port open for incoming BGP connections and to use for connecting with other BGP peers |
kubeRouter.router.bgpRouterId | string | nil |
BGP router-id. Must be specified in a ipv6 only cluster |
kubeRouter.router.clusterAsn | string | nil |
ASN number under which cluster nodes will run iBGP |
kubeRouter.router.disableSourceDestCheck | string | nil |
Disable the source-dest-check attribute for AWS EC2 instances. When this option is false, it must be set some other way (true or false) |
kubeRouter.router.enableCni | string | nil |
Enable CNI plugin. Disable if you want to use kube-router features alongside another CNI plugin (true or false) |
kubeRouter.router.enableIbgp | string | nil |
Enables peering with nodes with the same ASN, if disabled will only peer with external BGP peers (true or false) |
kubeRouter.router.enableOverlay | string | nil |
Enable IP-in-IP tunneling for pod-to-pod networking across nodes in different subnets (true or false) |
kubeRouter.router.enablePodEgress | string | nil |
SNAT traffic from Pods to destinations outside the cluster (true or false) |
kubeRouter.router.enabled | bool | true |
Enables Pod Networking, Advertises and learns the routes to Pods via iBGP |
kubeRouter.router.nodesFullMesh | string | nil |
Each node in the cluster will setup BGP peering with rest of the nodes (true or false) |
kubeRouter.router.overlayType | string | nil |
Topology of overlay network. Possible values: subnet or full. |
kubeRouter.router.overrideNexthop | string | nil |
Override the next-hop in bgp routes sent to peers with the local ip |
kubeRouter.router.peerRouterMultihopTtl | string | nil |
Enable eBGP multihop supports (Relevant only if ttl >= 2) |
kubeRouter.router.peers | list | [] |
List of external BGP peers, see values.yaml for example |
kubeRouter.router.routesSyncPeriod | string | nil |
The delay between route updates and advertisements (e.g. ‘5s’, ‘1m’, ‘2h22m’). Must be greater than 0 |
kubeRouter.serviceProxy.enabled | bool | false |
Enables Service Proxy, sets up IPVS for Kubernetes Services |
kubeRouter.serviceProxy.excludedCidrs | string | nil |
Excluded CIDRs are used to exclude IPVS rules from deletion |
kubeRouter.serviceProxy.hairpinMode | string | nil |
Add iptables rules for every Service Endpoint to support hairpin traffic (true or false) |
kubeRouter.serviceProxy.ipvsGracefulPeriod | string | nil |
The graceful period before removing destinations from IPVS services (e.g. ‘5s’, ‘1m’, ‘2h22m’). Must be greater than 0 |
kubeRouter.serviceProxy.ipvsGracefulTermination | string | nil |
Enables the experimental IPVS graceful terminaton capability (true or false) |
kubeRouter.serviceProxy.ipvsPermitAll | string | nil |
Enables rule to accept all incoming traffic to service VIP’s on the node (true or false) |
kubeRouter.serviceProxy.ipvsSyncPeriod | string | nil |
The delay between ipvs config synchronizations (e.g. ‘5s’, ‘1m’, ‘2h22m’). Must be greater than 0 |
kubeRouter.serviceProxy.masqueradeAll | string | nil |
SNAT all traffic to cluster IP/node port (true or false) |
kubeRouter.serviceProxy.nodeportBindonAllIp | string | nil |
For service of NodePort type create IPVS service that listens on all IP’s of the node (true or false) |
livenessProbe | object | {"httpGet":{"path":"/healthz","port":20244},"initialDelaySeconds":10,"periodSeconds":3} |
Liveness probe for the kube-router workload |
nameOverride | string | "" |
String to partially override kube-router.fullname template with a string (will prepend the release name) |
nodeSelector | object | {} |
Kube-Router labels for pod assignment |
readinessProbe | object | `{“exec”:{“command”:[“sh”,“-c”,“neighbors=\”$(/usr/local/bin/gobgp neighbor 2>/dev/null | tail -n +2)\“; test $(echo \”$neighbors\” |
resources | object | {"requests":{"cpu":"250m","memory":"250Mi"}} |
CPU/Memory resource requests/limits |
tolerations | list | [{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"},{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/controlplane","operator":"Exists"},{"effect":"NoExecute","key":"node-role.kubernetes.io/etcd","operator":"Exists"}] |
Kube-Router labels for tolerations pod assignment |
updateStrategy | object | {"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"} |
Update strategy to use when upgrading workload |
License
Copyright © 2020 ENIX
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.