Kubernetes Fury Networking
Kubernetes Fury Networking implements in-cluster networking functionality for the Kubernetes Fury Distribution (KFD) via Container Network Interface (CNI) plugins.
Overview
Kubernetes has adopted the Container Network Interface (CNI) specification for managing network resources on a cluster.
Kubernetes Fury Networking makes use of CNCF recommended Project Calico, open-source networking and network security solution for containers, virtual machines, and bare-metal workloads, to bring networking features to the Kubernetes Fury Distribution.
Calico deployment consists of a daemon set running on every node (including control-plane nodes) and a controller.
Packages
Kubernetes Fury Networking provides the following packages:
| Package | Version | Description |
|---|---|---|
| calico | 3.27.3 | Calico CNI Plugin. For cluster with < 50 nodes. |
| cilium | 1.15.2 | Cilium CNI Plugin. For cluster with < 200 nodes. |
| tigera | 1.32.7 | Tigera Operator, a Kubernetes Operator for Calico, provides pre-configured installations for on-prem and for EKS in policy-only mode. |
| ip-masq | 2.8.0 | The ip-masq-agent configures iptables rules to implement IP masquerading functionality |
The resources in these packages are going to be deployed in
kube-systemnamespace. Except for the operator.
Click on each package to see its full documentation.
Compatibility
| Kubernetes Version | Compatibility | Notes |
|---|---|---|
1.26.x | ✅ | No known issues |
1.27.x | ✅ | No known issues |
1.28.x | ✅ | No known issues |
1.29.x | ✅ | No known issues |
Check the compatibility matrix for additional information on previous releases of the module.
Usage
Prerequisites
| Tool | Version | Description |
|---|---|---|
| furyctl | >=0.6.0 | The recommended tool to download and manage KFD modules and their packages. To learn more about furyctl read the official documentation. |
| kustomize | =3.5.3 | Packages are customized using kustomize. To learn how to create your customization layer with kustomize, please refer to their repository. |
Deployment
⚠️ Please notice that the Calico packages is for cluster with less the 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to Calico + Typha or to the Tigera Operator.
-
List the packages you want to deploy and their version in a
Furyfile.ymlbases:
- name: networking
version: "v1.17.0"See
furyctldocumentation for additional details aboutFuryfile.ymlformat. -
Execute
furyctl vendor -Hto download the packages -
Inspect the download packages under
./vendor/katalog/networking. -
Define a
kustomization.yamlthat includes the./vendor/katalog/networkingdirectory as a resource.resources:
- ./vendor/katalog/networking/calicoOr if you want to use Cilium:
resources:
- ./vendor/katalog/networking/cilium -
To deploy the packages to your cluster, execute:
kustomize build . | kubectl apply -f -
Monitoring
The Networking module includes out-of-the-box metrics monitoring and alerting features for its components.
You can monitor the status of the networking stack from the provided Grafana dashboards:
click on each screenshot for the full screen version
The following set of alerts is included with the networking module:
| Alert Name | Summary | Description |
|---|---|---|
| CalicoDataplaneFailuresHigh | A high number of dataplane failures within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} dataplane failures within the last hour |
| CalicoIpsetErrorsHigh | A high number of ipset errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} ipset errors within the last hour |
| CalicoIptableSaveErrorsHigh | A high number of iptable save errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} iptable save errors within the last hour |
| CalicoIptableRestoreErrorsHigh | A high number of iptable restore errors within Felix are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} iptable restore errors within the last hour |
| CalicoErrorsWhileLoggingHigh | A high number of errors within Felix while loggging are happening | Calico node pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} errors while logging within the last ten minutes |
| TyphaPingLatency | Typha Round-trip ping latency to client (cluster {{ $labels.cluster }}) | Typha latency is growing (ping operations > 100ms). VALUE = {{ $value }}. LABELS = {{ $labels }} |
| TyphaClientWriteLatency | Typha unusual write latency (instance {{ $labels.cluster }}) | Typha client latency is growing (write operations > 100ms). VALUE = {{ $value }}. LABELS = {{ $labels }} |
| TyphaErrorsWhileLoggingHigh | A high number of errors within Typha while loggging are happening | Typha pod {{ $labels.pod }} ({{ $labels.instance }}) has seen {{ $value }} errors while logging within the last ten minutes |