{"id":18936077,"url":"https://github.com/collabora/k8s-socketcan","last_synced_at":"2025-04-15T18:31:22.711Z","repository":{"id":41788007,"uuid":"459708756","full_name":"collabora/k8s-socketcan","owner":"collabora","description":"SocketCAN Kubernetes device plugin","archived":false,"fork":false,"pushed_at":"2024-01-24T11:14:59.000Z","size":80,"stargazers_count":25,"open_issues_count":1,"forks_count":3,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-29T00:41:10.062Z","etag":null,"topics":["device-plugin","kubernetes","kubernetes-device-plugins","socketcan"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/collabora.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-15T18:51:07.000Z","updated_at":"2024-05-14T15:23:44.000Z","dependencies_parsed_at":"2024-01-24T12:48:37.544Z","dependency_job_id":null,"html_url":"https://github.com/collabora/k8s-socketcan","commit_stats":{"total_commits":38,"total_committers":3,"mean_commits":"12.666666666666666","dds":0.07894736842105265,"last_synced_commit":"c58b7cd21156cdb5cc414c49214770d158cde081"},"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/collabora%2Fk8s-socketcan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/collabora%2Fk8s-socketcan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/collabora%2Fk8s-socketcan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/collabora%2Fk8s-socketcan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/collabora","download_url":"https://codeload.github.com/collabora/k8s-socketcan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249129053,"owners_count":21217276,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["device-plugin","kubernetes","kubernetes-device-plugins","socketcan"],"created_at":"2024-11-08T12:05:50.448Z","updated_at":"2025-04-15T18:31:22.394Z","avatar_url":"https://github.com/collabora.png","language":"Go","readme":"# SocketCAN Kubernetes device plugin\n\n\u003cdiv align=\"center\"\u003e\n  \u003cvideo src=\"https://user-images.githubusercontent.com/107984/157506173-5d2788e1-71ca-49ae-afc3-b7f7afbab798.mp4\"\u003e\u003c/video\u003e\n\u003c/div\u003e\n\n*We asked an [AI](https://colab.research.google.com/github/zippy731/disco-diffusion-turbo/blob/main/Disco_Diffusion_v5_Turbo_%5Bw_3D_animation%5D.ipynb) what it thinks about our SocketCAN Kubernetes plugin, this was it's answer...  \nWhat we are still trying to figure out is: what's with all the lighthouses??*\n\nThis plugin enables you to use hardware-backed and virtual [SocketCAN](https://en.wikipedia.org/wiki/SocketCAN) interfaces inside your Kubernetes Pods.\n`vcan` allows processes inside the pod to communicate with each other using the full Linux SocketCAN API. If you have\na real CAN adapter in your embedded system, you can use this plugin to use it inside your Kubernetes deployment.\n\n## Usage example\n\nAssuming you have a [microk8s](https://microk8s.io) Kubernetes cluster you can install the SocketCAN plugin:\n\n    microk8s kubectl apply -f https://raw.githubusercontent.com/Collabora/k8s-socketcan/main/k8s-socketcan-daemonset.yaml\n    microk8s kubectl wait --for=condition=ready pod -l name=k8s-socketcan\n\nNOTE: Using it with other k8s providers should require only an adjustment to the `init` container script to add a new\nsearch path for the `containerd.sock` control socket and/or install the `vcan` kernel module.\n\nNext, you can create a simple Pod that has two `vcan` interfaces enabled:\n\n    microk8s kubectl apply -f https://raw.githubusercontent.com/Collabora/k8s-socketcan/main/k8s-socketcan-client-example.yaml\n    microk8s kubectl wait --for=condition=ready pod k8s-socketcan-client-example\n\nAfterwards, you can run these two commands in two separate terminals to verify it's working correctly:\n\n    microk8s kubectl exec -it k8s-socketcan-client-example -- candump vcan0\n    microk8s kubectl exec -it k8s-socketcan-client-example -- cansend vcan0 5A1#11.2233.44556677.88\n\nIf everything goes according to plan you should see this in the two terminals:\n\n[![video of the SocketCAN demo](setup.svg)](https://asciinema.org/a/2RL3yNdRI13iRIWcrrjHaJVyR)\n\nAdding SocketCAN support to an existing Pod is as easy as adding a resource limit in the container spec:\n\n```yaml\nresources:\n  limits:\n    k8s.collabora.com/vcan: 1\n```\n\n## Other Kubernetes providers\n\nWe support Azure AKS, `microk8s` and `k3s` out-of-the-box. To use it with other k8s providers (keeping in mind the\n[Limitations](#limitations)) you should look into the `init` container script which:\n\n1. installs and loads the `vcan` kernel module\n2. searches for a `containerd.sock` in a few well known paths and makes a symlink.\n\nIf you add `tail -f /dev/null` at the end of the script you will be able to `kubectl exec` into the container\nand have a look around to verify the environment is created properly.\n\n## Hardware CAN interfaces\n\nThe SocketCAN device plugin also supports hardware CAN interfaces which is useful if you want to use (for example)\n[K3s](https://k3s.io) to manage your embedded system software. It allows you to improve security by moving a SocketCAN network\ninterface into a single container and fully isolating it from any other applications on the system. It's a perfect\nsolution if you have a daemon that arbitrates all access to the CAN bus and you wish to containerize it.\n\nTo move a hardware CAN interface into a Pod you have to modify the DaemonSet to specify the names of the interfaces\nyou wish to make available. The names should be passed as a space separated list in the `SOCKETCAN_DEVICES` environment\nvariable:\n\n```yaml\ncontainers:\n- name: k8s-socketcan\n  image: ghcr.io/collabora/k8s-socketcan:latest\n  env:\n  - name: SOCKETCAN_DEVICES\n    value: \"can1 can2\"\n```\n\nAfterwards, in the client container definition, instead of `k8s.collabora.com/vcan` you can specify the name of\nthe interface you wish to use (adding the `socketcan-` prefix to make sure it's unambiguous):\n\n```yaml\nresources:\n  limits:\n    k8s.collabora.com/socketcan-can1: 1\n```\n\n## Learn more\n\nSocketCAN official documentation is a little bit scattered around the Internet but we found these two presentations\nby Oliver Hartkopp from Microchip to be invaluable to understand the motivation behind and the architecture of the\nSocketCAN subsystem:\n\n- [The CAN Subsystem of the Linux Kernel](https://wiki.automotivelinux.org/_media/agl-distro/agl2017-socketcan-print.pdf) (includes discussion of the kernel interfaces, C code examples, usage of the \"firewall\" filters on CAN frames)\n- [Design \u0026 separation of CAN applications](https://wiki.automotivelinux.org/_media/agl-distro/agl2018-socketcan.pdf) (discusses the `vxcan` interface pairs and SocketCAN usage inside of namespaces/containers)\n\nOther resources:\n\n- [SocketCAN - The official CAN API of the Linux kernel by Marc Kleine-Budde from Pengutronix](https://www.can-cia.org/fileadmin/resources/documents/proceedings/2012_kleine-budde.pdf)\n- [python-can library](https://python-can.readthedocs.io/en/master/index.html)\n\n## Limitations\n\nThe plugin requires kernel support for SocketCAN (compiled in or as a module) on the cluster Nodes.\nThis is a package installation away on Ubuntu (so microk8s and Azure AKS work great) but unfortunatelly does not seem\npossible at all on Alpine (so for example Rancher Desktop \u003c= v1.1.1 does not work).\n\nCurrently each Pod get it's own isolated virtual SocketCAN network. There is no support for bridging\nthis to other Pods on the same node or to other nodes in the cluster. [Adding local bridging would be possible with\nthe `vxcan` functionality in the kernel and the `cangw` tool.](https://www.lagerdata.com/articles/forwarding-can-bus-traffic-to-a-docker-container-using-vxcan-on-raspberry-pi) Transparent bridging to other cluster nodes over\nthe network should be possible manually with [cannelloni](https://github.com/mguentner/cannelloni). Pull requests to either of these cases automatically\nare more then welcome.\n\nCurrently, the plugin only work with clusters based on containerd, which includes most production clusters but\nnot Docker Desktop (we recommend using [microk8s](https://microk8s.io) instead). Pull requests to support `dockerd` are of course welcome.\n\n## Other solutions\n\nThis project was inspired by the [k8s-device-plugin-socketcan](https://github.com/mpreu/k8s-device-plugin-socketcan) project by [Matthias Preu](https://www.matthiaspreu.com) but it was written\nfrom scrach and has some significant improvements:\n\n- it has a valid Open Source license (MIT)\n- it supports `containerd` (which is used by default in most k8s clusters, like AKS, these days) instead of the `dockerd`\n- it is capable of handling multiple Pods starting at the same time, which avoids head-of-the-line blocking issues when you have Pods that take a long time to start\n- it supports exclusive use of real CAN interfaces\n\nNeither project currently supports sharing a single SocketCAN interface among multiple Pods.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcollabora%2Fk8s-socketcan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcollabora%2Fk8s-socketcan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcollabora%2Fk8s-socketcan/lists"}