Kube-router is a turnkey solution for Kubernetes networking that aims to provide operational simplicity and high performance.
kube-router does it all.
With all features enabled, kube-router is a lean yet powerful alternative to several network components used in typical Kubernetes clusters. All this from a single DaemonSet/Binary. It doesn't get any easier.
--run-service-proxy
kube-router uses the Linux kernel's LVS/IPVS features to implement its K8s Services proxy. Kube-router fully leverages the power of LVS/IPVS to provide a rich set of scheduling options and unique features like DSR (Direct Server Return) and L3 load balancing with ECMP, for deployments where high throughput, minimal latency and high availability are crucial.
Read more about the advantages of IPVS for container load balancing:
--run-router
kube-router handles Pod networking efficiently with direct routing thanks to the BGP protocol and the GoBGP Go library. It uses the native Kubernetes API to maintain distributed pod networking state. That means no dependency on a separate datastore to maintain in your cluster.
kube-router's elegant design also means there is no dependency on another CNI plugin. The official "bridge" plugin provided by the CNI project is all you need -- and chances are you already have it in your CNI binary directory!
Read more about the advantages and potential of BGP with Kubernetes:
--run-firewall
Enabling Kubernetes Network Policies is easy with kube-router -- just add a flag to kube-router. It uses ipsets with iptables to ensure your firewall rules have as little performance impact on your cluster as possible.
Kube-router supports the networking.k8s.io/NetworkPolicy API (network policy V1/GA semantics) and also network policy beta semantics.
Read more about kube-router's approach to Kubernetes Network Policies:
If you have other networking devices or SDN systems that talk BGP, kube-router will fit in perfectly. From a simple full node-to-node mesh to per-node peering configurations, most routing needs can be attained. The configuration is Kubernetes native (annotations) just like the rest of kube-router, so use the tools you already know! Since kube-router uses GoBGP, you have access to a modern BGP API platform as well right out of the box. Kube-router also provides a way to expose services outside the cluster by advertising ClusterIP and externalIPs to configured BGP peers. Kube-router also supports MD5 password based authentication and uses strict export policies, so you can be assured routes are advertised to the underlay only as you intended.
For more details please refer to the BGP documentation.
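An added example, not part of kube-router's own code: a small audit of per-node BGP peering annotations that flags peers configured without an MD5 password. The annotation keys and the base64 encoding of passwords are taken from kube-router's BGP documentation rather than from this page, so treat them as assumptions; the node list is constructed sample data shaped like `kubectl get nodes -o json` output.

```python
import base64
import binascii
import json

# Annotation keys as documented in kube-router's BGP guide (not listed on this page).
PEER_IPS = "kube-router.io/peer.ips"
PEER_ASNS = "kube-router.io/peer.asns"
PEER_PASSWORDS = "kube-router.io/peer.passwords"

# Constructed sample, shaped like `kubectl get nodes -o json` output.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "node-a", "annotations": {
        PEER_IPS: "192.0.2.1,192.0.2.2",
        PEER_ASNS: "64512,64512",
        PEER_PASSWORDS: "Y29uc3RydWN0ZWQ=,"}}},   # second peer has no password
    {"metadata": {"name": "node-b", "annotations": {
        PEER_IPS: "192.0.2.1",
        PEER_ASNS: "64512,64513"}}},              # ASN count mismatch, no passwords
    {"metadata": {"name": "node-c", "annotations": {}}},  # no per-node peers
]})

def _split(value):
    """Split a comma-separated annotation value, keeping empty slots."""
    return [v.strip() for v in value.split(",")] if value else []

def audit_bgp_peers(nodes_json):
    """Return sorted (node, peer_ip, finding) tuples for weak per-node peer config."""
    findings = []
    for node in json.loads(nodes_json).get("items", []):
        meta = node.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        ann = meta.get("annotations") or {}
        ips = _split(ann.get(PEER_IPS))
        if not ips:
            continue  # node relies on cluster-wide peering settings, if any
        asns = _split(ann.get(PEER_ASNS))
        pws = _split(ann.get(PEER_PASSWORDS))
        if len(asns) != len(ips):
            findings.append((name, "*", "peer.asns count does not match peer.ips"))
        for i, ip in enumerate(ips):
            pw = pws[i] if i < len(pws) else ""
            if not pw:
                findings.append((name, ip, "no MD5 password configured"))
                continue
            try:
                base64.b64decode(pw, validate=True)
            except (binascii.Error, ValueError):
                findings.append((name, ip, "password is not valid base64"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_bgp_peers(SAMPLE_NODES):
        print(*finding, sep="\t")
```

Against a live cluster, pass the output of `kubectl get nodes -o json` to `audit_bgp_peers` instead of the sample.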
A key design tenet of Kube-router is to use the standard Linux networking stack and toolset. There are no overlays or SDN pixie dust, just plain good old networking. You can use standard Linux networking tools like iptables, ipvsadm, ipset, iproute, traceroute, tcpdump etc. to troubleshoot or observe the data path. When kube-router is run as a daemonset, the image also ships with these tools automatically configured for your cluster.
Although it does the work of several of its peers in one binary, kube-router does it all with a relatively tiny codebase, partly because IPVS is already there on your Kubernetes nodes waiting to help you do amazing things. kube-router brings that and GoBGP's modern BGP interface to you in an elegant package designed from the ground up for Kubernetes.
A primary motivation for kube-router is performance. The combination of BGP for inter-node Pod networking and IPVS for load balanced proxy Services is a perfect recipe for high-performance cluster networking at scale. BGP ensures that the data path is dynamic and efficient, and IPVS provides in-kernel load balancing that has been thoroughly tested and optimized.
Kube-router is being used in several production clusters by a diverse set of users ranging from financial firms and gaming companies to universities. For almost a year we have listened to users and incorporated feedback. The core functionality is stable. We are working toward a GA release.
We encourage all kinds of contributions, be they documentation, code, fixing typos, tests — anything at all. Please read the contribution guide.
If you experience any problems please reach us on the kube-router Slack channel for quick help. Feel free to leave feedback or raise questions by opening an issue here.
Kube-router builds upon the following libraries: