{"id":15130092,"url":"https://github.com/cloudfoundry/cf-k8s-networking","last_synced_at":"2025-09-28T19:31:15.452Z","repository":{"id":36333166,"uuid":"205376598","full_name":"cloudfoundry/cf-k8s-networking","owner":"cloudfoundry","description":"building a cloud foundry without gorouter....","archived":true,"fork":false,"pushed_at":"2022-04-13T16:59:51.000Z","size":12440,"stargazers_count":32,"open_issues_count":2,"forks_count":17,"subscribers_count":23,"default_branch":"develop","last_synced_at":"2024-09-21T18:39:09.508Z","etag":null,"topics":["cloudfoundry","eirini","golang","istio","kubernetes","kubernetes-controller","metacontroller","networking","routing","service-mesh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudfoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-30T12:19:56.000Z","updated_at":"2023-03-22T03:53:15.000Z","dependencies_parsed_at":"2022-08-08T14:15:55.950Z","dependency_job_id":null,"html_url":"https://github.com/cloudfoundry/cf-k8s-networking","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fcf-k8s-networking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fcf-k8s-networking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fcf-k8s-networking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fcf-k8s-networking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudfoundry","download_url":"https://codeload.github.com/cloudfoundry/cf-k8s-networking/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219873844,"owners_count":16554517,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudfoundry","eirini","golang","istio","kubernetes","kubernetes-controller","metacontroller","networking","routing","service-mesh"],"created_at":"2024-09-26T02:29:40.606Z","updated_at":"2025-09-28T19:31:09.983Z","avatar_url":"https://github.com/cloudfoundry.png","language":"Go","readme":"cf-k8s-networking\n---\nRouting and networking for Cloud Foundry running on Kubernetes.\n\n## Deploying\n\nCF-K8s-Networking is a component of CF-for-K8s. To deploy CF-for-K8s reference\nthe following documentation:\n\n* [Deploy Cloud Foundry on\n  Kubernetes](https://github.com/cloudfoundry/cf-for-k8s/blob/master/docs/deploy.md)\n* [Deploy Cloud Foundry\n  Locally](https://github.com/cloudfoundry/cf-for-k8s/blob/6e4ba5cc0514481a0675ea83731449c752b1dcad/docs/deploy-local.md)\n\n## Architecture\n\n![Architecture Diagram of\nCF-K8s-Networking](doc/assets/routecontroller-data-flow-diagram.png)\n\n* **RouteController:** Watches the Kubernetes API for Route CRs and translates\n  the Route CRs into Istio Virtual Service CRs and Kubernetes Services\n  accordingly to enable routing to applications deployed by Cloud Foundry.\n\n* **Istio:** CF-K8s-Networking currently depends on [Istio](https://istio.io/).\n  * Istio serves as both our gateway router for ingress networking, replacing\n    the role of the Gorouters in CF for VMs, and service mesh for (eventually)\n    container-to-container networking policy enforcement.\n  * We provide a manifest for installing our custom configuration for Istio,\n    [here](https://github.com/cloudfoundry/cf-for-k8s/blob/master/config/istio/istio-generated/xxx-generated-istio.yaml).\n  * Istio provides us with security features out of the box, such as:\n    * Automatic Envoy sidecar injection for system components and application workloads\n    * `Sidecar` Kubernetes resources that can limit egress traffic from workload `Pod`s\n    * Transparent mutual TLS (mTLS) everywhere\n    * (Eventually) app identity certificates using [SPIFFE](https://spiffe.io/) issued by Istio Citadel\n  * Istio should be treated as an \"implementation detail\" of the platform and\n    our reliance on it is subject to change\n  * Istio config is located in [cf-for-k8s](https://github.com/cloudfoundry/cf-for-k8s) and it's managed by the cf-k8s-networking team.\n\n## Contributing\nFor information about how to contribute, develop against our codebase, and run\nour various test suites, check out our [Contributing guidelines](CONTRIBUTING.md).\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fcf-k8s-networking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudfoundry%2Fcf-k8s-networking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fcf-k8s-networking/lists"}