README
¶
amazon-vpc-cni-k8s
Networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS.
Setup
Download the latest version of the yaml and apply it the cluster.
kubectl apply -f aws-k8s-cni.yaml
Launch kubelet with network plugins set to cni (--network-plugin=cni), the cni directories configured (--cni-config-dir and --cni-bin-dir) and node ip set to the primary IPv4 address of the primary ENI for the instance (--node-ip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)). It is also recommended to set --max-pods equal to the number of ENIs for the instance type * (the number of IPs per ENI - 1) see to prevent scheduling that exceeds the IP resources available to the kubelet.
The default manifest expects --cni-conf-dir=/etc/cni/net.d and --cni-bin-dir=/opt/cni/bin.
L-IPAM requires following IAM policy:
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstances",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AssignPrivateIpAddresses"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
},
Building
makedefaults tomake build-linuxthat builds the Linux binaries.make docker-builduses a docker container (golang:1.10) to build the binaries.make dockerwill create a docker container using the docker-build with the finished binaries, with a tag ofamazon/amazon-k8s-cni:latestunit-test,lintandvetprovide ways to run the respective tests/tools and should be run before submitting a PR.
Components
There are 2 components:
- CNI Plugin, which will wire up host's and pod's network stack when called.
L-IPAMD, which is a long running node-Local IP Address Management (IPAM) daemon, is responsible for:- maintaining a warm-pool of available IP addresses, and
- assigning an IP address to a Pod.
The details can be found in Proposal: CNI plugin for Kubernetes networking over AWS VPC.
Troubleshooting Guide provides tips on how to debug and troubleshoot CNI.
Notes
L-IPAMD(aws-node daemonSet) running on every worker node requires access to kubernetes API server. If it can not reach kubernetes API server, ipamD will exit and CNI will not be able to get any IP address for Pods. Here is a way to confirm if L-IPAMD has access to the kubernetes API server.
# find out kubernetes service IP, e.g. 10.0.0.1
kubectl get svc kubernetes
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 29d
# ssh into worker node, check if worker node can reach API server
telnet 10.0.0.1 443
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'. <-------- kubernetes API server is reachable
Contributing
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
awsutils/mocks
Package mock_awsutils is a generated GoMock package.
|
Package mock_awsutils is a generated GoMock package. |
|
cninswrapper/mock_ns
Package mock_ns is a generated GoMock package.
|
Package mock_ns is a generated GoMock package. |
|
cninswrapper/mocks
Package mock_cninswrapper is a generated GoMock package.
|
Package mock_cninswrapper is a generated GoMock package. |
|
docker/mocks
Package mock_docker is a generated GoMock package.
|
Package mock_docker is a generated GoMock package. |
|
ec2metadata/mocks
Package mock_ec2metadata is a generated GoMock package.
|
Package mock_ec2metadata is a generated GoMock package. |
|
grpcwrapper/mocks
Package mock_grpcwrapper is a generated GoMock package.
|
Package mock_grpcwrapper is a generated GoMock package. |
|
httpwrapper/mocks
Package mock_httpwrapper is a generated GoMock package.
|
Package mock_httpwrapper is a generated GoMock package. |
|
ioutilwrapper/mocks
Package mock_ioutilwrapper is a generated GoMock package.
|
Package mock_ioutilwrapper is a generated GoMock package. |
|
ipwrapper/mocks
Package mock_ipwrapper is a generated GoMock package.
|
Package mock_ipwrapper is a generated GoMock package. |
|
k8sapi
Package k8sapi contains logic to retrieve pods running on local node
|
Package k8sapi contains logic to retrieve pods running on local node |
|
k8sapi/mocks
Package mock_k8sapi is a generated GoMock package.
|
Package mock_k8sapi is a generated GoMock package. |
|
netlinkwrapper/mock_netlink
Package mock_netlink is a generated GoMock package.
|
Package mock_netlink is a generated GoMock package. |
|
netlinkwrapper/mocks
Package mock_netlinkwrapper is a generated GoMock package.
|
Package mock_netlinkwrapper is a generated GoMock package. |
|
netlinkwrapper/mocks_link
Package mock_netlink is a generated GoMock package.
|
Package mock_netlink is a generated GoMock package. |
|
networkutils/mocks
Package mock_networkutils is a generated GoMock package.
|
Package mock_networkutils is a generated GoMock package. |
|
nswrapper/mocks
Package mock_nswrapper is a generated GoMock package.
|
Package mock_nswrapper is a generated GoMock package. |
|
rpcwrapper/mocks
Package mock_rpcwrapper is a generated GoMock package.
|
Package mock_rpcwrapper is a generated GoMock package. |
|
typeswrapper/mocks
Package mock_typeswrapper is a generated GoMock package.
|
Package mock_typeswrapper is a generated GoMock package. |
|
utils/ttime
Package ttime implements a testable alternative to the Go "time" package.
|
Package ttime implements a testable alternative to the Go "time" package. |
|
utils/ttime/mocks
Package mock_ttime is a generated GoMock package.
|
Package mock_ttime is a generated GoMock package. |
|
plugins
|
|
|
routed-eni/driver/mocks
Package mock_driver is a generated GoMock package.
|
Package mock_driver is a generated GoMock package. |
|
Package rpc is a generated protocol buffer package.
|
Package rpc is a generated protocol buffer package. |
|
mocks
Package mock_rpc is a generated GoMock package.
|
Package mock_rpc is a generated GoMock package. |