pod2daemon

module

v3.8.9+incompatible Latest Latest Go to latest Published: Nov 19, 2019 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/projectcalico/pod2daemon

Links

Open Source Insights

README ¶

pod2daemon

pod2daemon enables secure communication between a Kubernetes pod and a daemon (e.g. created with a DaemonSet) running on the host. It creates a Kubernetes FlexVolume Driver type nodeagent/uds to enable Nodeagent to verify the identity of a workload. A Flexvolume driver type nodeagent/uds is added to each workload and when such a workload is created, with the volume type mounted, the Nodeagent is notified by the Flexvolume driver. The workloadhandler creates a Unix Domain Socket (UDS) per workload and then initializes the workloadAPI Grpc Server (see below). The workloadAPI Grpc server can get the credentials of the workload from the workload handler.

The code here was tested with Kubernetes version v1.8.

What is in this repo

Flexvolume driver:

This is the flex volume driver that should be copied to /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds/uds Or you can use the provided initcontainer that copies the binary to the specified location on the node. See nodeagent/nodeagent.yaml

How to build

FlexVolume Binary

make build

Outputs to bin/flexvol-<arch>

Docker image

make image

How to setup the FlexVolume driver

See nodeagent/nodeagent.yaml initContainer to see how the FlexVolume driver is setup.

The nodeagent.yaml also shows how the nodeagent volumes need to be setup.

How to setup the Workload

See flexvol/udsver-mount.yaml for a sample of how a workload will setup the flexvolume.

...snip
     containers:
        volumeMounts:
        - mountPath: /tmp/udsver
          name: test-volume
      volumes:
        - name: test-volume
          flexVolume:
            driver: nodeagent/uds

Directories ¶

Path	Synopsis
binder
flexvol Flexvolume driver that is invoked by kubelet when a pod installs a flexvolume drive of type nodeagent/uds This driver communicates to the nodeagent using either * (Default) writing credentials of workloads to a file or * gRPC message defined at protos/nodeagementmgmt.proto, to shares the properties of the pod with nodeagent.	Flexvolume driver that is invoked by kubelet when a pod installs a flexvolume drive of type nodeagent/uds This driver communicates to the nodeagent using either * (Default) writing credentials of workloads to a file or * gRPC message defined at protos/nodeagementmgmt.proto, to shares the properties of the pod with nodeagent.
creds
nodeagent
protos
udsver_v1 Package udsver_v1 is a generated protocol buffer package.	Package udsver_v1 is a generated protocol buffer package.
workloadapi

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL