README
¶
webmesh-cni
This is a CNI plugin for Kubernetes that allows you to connect pods to a Webmesh network. You may then optionally expose the nodes running the CNI plugin to remote users or networks.
Installation
The bundle in this repository and alongside the published releases can be used to install the CNI into your cluster. The signatures of the signed bundles can be verified using cosign:
# Change this to a specific release version if you'd like
DOWNLOAD_URL="https://github.com/webmeshproj/webmesh-cni/releases/latest/download"
# Download the bundle manifest.
curl -JLO ${DOWNLOAD_URL}/bundle.yaml
# Verify the bundle signature.
export COSIGN_EXPERIMENTAL=1
cosign verify-blob \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--certificate-identity-regexp="github\.com/webmeshproj/webmesh-cni" \
--signature="${DOWNLOAD_URL}/bundle.yaml.sig" \
--certificate="${DOWNLOAD_URL}/bundle.yaml.sig.cert" \
bundle.yaml
# Should return: Verified OK
The container images are also signed and can be verified using cosign:
export COSIGN_EXPERIMENTAL=1
cosign verify --output=text \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--certificate-identity-regexp="github\.com/webmeshproj/webmesh-cni" \
ghcr.io/webmeshproj/webmesh-cni:latest
First remove any existing CNI installations, then you can install the downloaded bundle or directly from the releases with:
kubectl apply -f https://github.com/webmeshproj/webmesh-cni/releases/latest/download/bundle.yaml
Examples
Examples can be found in the examples directory with instructions on how to run them and the various features they demonstrate.
Configuration
The CNI is configured via the webmesh-cni daemonset and configmap or within the full bundle.
The configmap contains configurations to apply to container interfaces, and the daemonset runs the CNI plugin on each node.
The daemonset can be configured with command-line flags and environment variables.
To see the available options, you can run the container with the --help flag.
docker run ghcr.io/webmeshproj/webmesh-cni:latest --help
Development
A Makefile is provided to build and test the CNI plugin. A Kind configuration is also provided for creating test clusters locally capable of running the CNI.
To see all available options in the Makefile, run:
make help
Documentation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
v1
Package v1 contains API Schema definitions for the v1 API group +kubebuilder:object:generate=true +groupName=cni.webmesh.io
|
Package v1 contains API Schema definitions for the v1 API group +kubebuilder:object:generate=true +groupName=cni.webmesh.io |
|
internal
|
|
|
cmd/install
Package install contains the entrypoint for the webmesh-cni install component.
|
Package install contains the entrypoint for the webmesh-cni install component. |
|
cmd/node
Package node contains the entrypoint for the webmesh-cni node component.
|
Package node contains the entrypoint for the webmesh-cni node component. |
|
controllers
Package controllers contains the controllers for the webmesh-cni.
|
Package controllers contains the controllers for the webmesh-cni. |
|
ipam
Package IPAM provides IPv4 address allocation against the mesh database.
|
Package IPAM provides IPv4 address allocation against the mesh database. |
|
metadata
Package metadata contains the container metadata server.
|
Package metadata contains the container metadata server. |
|
version
Package version contains the build-time version information.
|
Package version contains the build-time version information. |