{"id":13735355,"url":"https://github.com/kmesh-net/kmesh","last_synced_at":"2025-05-15T07:02:34.417Z","repository":{"id":181350661,"uuid":"665383420","full_name":"kmesh-net/kmesh","owner":"kmesh-net","description":"High Performance ServiceMesh Data Plane Based on eBPF and Programmable Kernel","archived":false,"fork":false,"pushed_at":"2025-05-15T02:30:02.000Z","size":55508,"stargazers_count":595,"open_issues_count":174,"forks_count":102,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-05-15T07:01:37.460Z","etag":null,"topics":["ebpf","high-performance","kernel","kubernetes","low-overhead","microservice","networking","resiliency","service-mesh","traffic-management"],"latest_commit_sha":null,"homepage":"https://kmesh.net","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kmesh-net.png","metadata":{"files":{"readme":"README-zh.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-07-12T05:00:17.000Z","updated_at":"2025-05-15T03:59:48.000Z","dependencies_parsed_at":"2023-07-15T05:33:18.119Z","dependency_job_id":"a596d553-04d1-4060-98f1-b70b2f66658a","html_url":"https://github.com/kmesh-net/kmesh","commit_stats":null,"previous_names":["kmesh-net/kmesh"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kmesh-net%2Fkmesh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kmesh-net%2Fkmesh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kmesh-net%2Fkme
sh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kmesh-net%2Fkmesh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kmesh-net","download_url":"https://codeload.github.com/kmesh-net/kmesh/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254291961,"owners_count":22046424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","high-performance","kernel","kubernetes","low-overhead","microservice","networking","resiliency","service-mesh","traffic-management"],"created_at":"2024-08-03T03:01:05.975Z","updated_at":"2025-05-15T07:02:34.353Z","avatar_url":"https://github.com/kmesh-net.png","language":"Go","funding_links":[],"categories":["Go","Service Mesh"],"sub_categories":[],"readme":"\u003cimg src=\"docs/pics/logo/KMESH-horizontal-colour.png\" alt=\"kmesh-logo\" style=\"zoom: 100%;\" /\u003e\n\n## Introduction\n\nKmesh is a high-performance service mesh data plane built on a programmable kernel; it provides high-performance service communication infrastructure for service mesh scenarios.\n\n## Why Kmesh\n\n### Challenges of the service mesh data plane\n\nService meshes, represented by Istio, have become increasingly popular and are now an important part of cloud infrastructure, but current service meshes still face some challenges:\n\n- **Extra latency introduced by the proxy layer**: a single service hop adds [2~3ms](https://istio.io/latest/docs/ops/deployment/performance-and-scalability/#data-plane-performance), which cannot meet the SLA requirements of latency-sensitive applications; although the community has developed several data plane solutions for this problem, none fully eliminates the overhead introduced by the proxy;\n- **High resource usage**: the proxy consumes extra CPU/MEM, which lowers the deployment density of business containers;\n\n### Kmesh: kernel-native traffic management\n\nKmesh innovatively proposes sinking traffic management into the OS, so that the data path no longer passes through a proxy layer, building an application-transparent sidecarless service mesh.\n\n![image-20230927012356836](docs/pics/why-kmesh-arch.png)\n\n### Key features of Kmesh\n\n**Smooth compatibility**\n\n- Application-transparent traffic management\n- Automatic integration with Istiod\n\n**High performance**\n\n- Mesh forwarding latency **60%↓**\n- Service startup performance **40%↑**\n\n**Low overhead**\n\n- 
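Mesh infrastructure overhead **70%↓**\n\n**Security isolation**\n\n- eBPF virtual machine safety\n- cgroup-level orchestration isolation\n\n**Full-stack visibility**\n\n- End-to-end metrics collection*\n- Integration with mainstream observability platforms*\n\n**Open ecosystem**\n\n- Supports the XDS protocol standard\n\nNote: * planned.\n\n## Quick start\n\n- Prerequisites\n\n  - Kmesh currently connects to the Istio control plane, so the Istio control plane software must be installed before starting Kmesh; for the installation steps see: https://istio.io/latest/docs/setup/getting-started/#install\n  - The full Kmesh capabilities depend on OS enhancements. Check whether the execution environment is in the [list of OSes supported by Kmesh](docs/kmesh_support-zh.md); for other OS environments, refer to [Kmesh compilation and build](docs/kmesh_compile-zh.md). You can also try the [compatibility-mode kmesh image](build/docker/README.md#兼容模式镜像) in other OS environments; for a description of the various kmesh images, see the [detailed documentation](build/docker/README.md).\n\n- Docker images:\n\n  Kmesh uses kernel enhancements to sink complete traffic management capabilities into the OS. When releasing images, the range of OSes an image applies to must be considered. We therefore consider releasing three types of images:\n\n  - OS versions that support the kernel enhancements:\n\n    Currently [openEuler 23.03](https://repo.openeuler.org/openEuler-23.03/) natively supports the kernel enhancement features Kmesh requires. The images released by Kmesh can be installed and run directly on this OS. For the detailed list of OS versions that support the kernel enhancements, see this [link](https://github.com/kmesh-net/kmesh/blob/main/docs/kmesh_support.md).\n\n  - For all OS versions:\n\n    To be compatible with different OS versions, Kmesh provides an image that compiles online and then runs. After Kmesh is deployed, it automatically selects which Kmesh features to run based on the kernel capabilities of the host, so that one image can run in different OS environments.\n\n    For general usability, we also release an image for compiling and building kmesh. Users can use this image to conveniently build a kmesh image that runs on their current OS version. It is named ghcr.io/kmesh-net/kmesh:latest by default, and users can change this; see [Kmesh compilation and build](docs/kmesh_compile-zh.md#docker image编译)\n\n    ```bash\n    make docker TAG=latest\n    ```\n\n- Start the Kmesh container\n\n  The image named ghcr.io/kmesh-net/kmesh:latest is used by default; change it if you need compatibility mode or another version\n\n  - Helm installation\n\n    ```sh\n    [root@ ~]# helm install kmesh ./deploy/charts/kmesh-helm -n kmesh-system --create-namespace\n    ```\n\n  - YAML installation\n\n    ```sh\n    # get kmesh.yaml: from the repository, deploy/yaml/kmesh.yaml\n    [root@ ~]# kubectl apply -f kmesh.yaml\n    [root@ ~]# kubectl apply -f clusterrole.yaml\n    [root@ ~]# kubectl apply -f clusterrolebinding.yaml\n    [root@ ~]# kubectl apply -f serviceaccount.yaml\n    [root@ ~]# kubectl apply -f l7-envoyfilter.yaml\n    ```\n\n  Kmesh functionality is used by default; features can be selected by adjusting the startup parameters in the yaml file\n\n- Check the kmesh service startup status\n\n  ```sh\n  [root@ ~]# kubectl get pods -A | grep kmesh\n  kmesh-system   kmesh-l5z2j                                 1/1     Running   0          117m\n  ```\n\n- 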
Check the kmesh service running status\n\n    ```sh\n    [root@master mod]# kubectl logs -f -n kmesh-system kmesh-l5z2j\n    time=\"2024-02-19T10:16:52Z\" level=info msg=\"service node sidecar~192.168.11.53~kmesh-system.kmesh-system~kmesh-system.svc.cluster.local connect to discovery address istiod.istio-system.svc:15012\" subsys=controller/envoy\n    time=\"2024-02-19T10:16:52Z\" level=info msg=\"options InitDaemonConfig successful\" subsys=manager\n    time=\"2024-02-19T10:16:53Z\" level=info msg=\"bpf Start successful\" subsys=manager\n    time=\"2024-02-19T10:16:53Z\" level=info msg=\"controller Start successful\" subsys=manager\n    time=\"2024-02-19T10:16:53Z\" level=info msg=\"command StartServer successful\" subsys=manager\n    time=\"2024-02-19T10:16:53Z\" level=info msg=\"start write CNI config\\n\" subsys=\"cni installer\"\n    time=\"2024-02-19T10:16:53Z\" level=info msg=\"kmesh cni use chained\\n\" subsys=\"cni installer\"\n    time=\"2024-02-19T10:16:54Z\" level=info msg=\"Copied /usr/bin/kmesh-cni to /opt/cni/bin.\" subsys=\"cni installer\"\n    time=\"2024-02-19T10:16:54Z\" level=info msg=\"kubeconfig either does not exist or is out of date, writing a new one\" subsys=\"cni installer\"\n    time=\"2024-02-19T10:16:54Z\" level=info msg=\"wrote kubeconfig file /etc/cni/net.d/kmesh-cni-kubeconfig\" subsys=\"cni installer\"\n    time=\"2024-02-19T10:16:54Z\" level=info msg=\"command Start cni successful\" subsys=manager\n    ```\n\n  For more ways to compile and build Kmesh, see [Kmesh compilation and build](docs/kmesh_compile-zh.md)\n\n- Kmesh L7\n\n  - Install waypoint\n\n    ```\n    [root@ ~]# istioctl x waypoint apply --service-account default\n    [root@ ~]# kubectl get pods \n    NAME                                      READY   STATUS         RESTARTS        AGE\n    default-istio-waypoint-6d9df77746-njjq5   1/1     Running        0               10s\n    nginx-55b99db5d6-ddpb2                    1/1     Running        0               10d\n    sleep-865b99bb57-qzjcj                    1/1     Running        0              
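 10d\n    ```\n  \n  - Replace the native waypoint image with the Kmesh-customized image\n\n    ```\n    [root@ ~]# kubectl get gateway\n    NAME      CLASS            ADDRESS         PROGRAMMED   AGE\n    default   istio-waypoint   10.96.143.232   True         5m7s\n    ```\n\n    Add `sidecar.istio.io/proxyImage: ghcr.io/kmesh-net/waypoint-{arch}:v0.3.0` to the annotations of the `default` gateway, replacing `{arch}` with the architecture of the host; the currently available values are `x86` and `arm`. After the gateway pod restarts, kmesh has L7 capability!\n\n## Kmesh performance\n\nThe data plane performance of Kmesh and envoy was compared using fortio; the test results are as follows:\n\n![fortio_performance_test](docs/pics/fortio_performance_test.png)\n\nFor the complete performance tests, see [Kmesh performance test](test/performance/README-zh.md).\n\n## Software architecture\n\n![kmesh-arch](docs/pics/kmesh-arch.png)\n\nThe main components of Kmesh are:\n\n- kmesh-controller:\n\n  the kmesh management program, responsible for Kmesh lifecycle management, XDS protocol integration, observability and operations, and other functions;\n\n- kmesh-api:\n\n  the API layer that kmesh exposes externally, mainly including the orchestration API converted from xds and the observability and operations channel;\n\n- kmesh-runtime:\n\n  the runtime implemented in the kernel that supports L3~L7 traffic orchestration;\n\n- kmesh-orchestration:\n\n  L3~L7 traffic orchestration implemented on eBPF, such as routing, canary release, and load balancing;\n\n- kmesh-probe:\n\n  the observability and operations probe, providing end-to-end observability;\n\n## Feature description\n\n- Kmesh command list\n\n  [Kmesh command list](docs/kmesh_commands-zh.md)\n\n- Demo\n\n  [Kmesh demo](docs/kmesh_demo-zh.md)\n\n## Kmesh capability map\n\n| Feature domain | Feature | 2023.H1 | 2023.H2 | 2024.H1 | 2024.H2 |\n| --- | --- | :---: | :---: | :---: | :---: |\n| Traffic management | sidecarless mesh data plane | √ | | | |\n| | sockmap acceleration | | √ | | |\n| | eBPF-based programmable traffic management | √ | | | |\n| | HTTP/1.1 protocol | √ | | | |\n| | HTTP/2 protocol |      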
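                      |                            |                            | √ |\n| | gRPC protocol | | | | √ |\n| | QUIC protocol | | | | √ |\n| | TCP protocol | | √ | | |\n| | Retry | | | √ | |\n| | Routing | √ | | | |\n| | Load balancing | √ | | | |\n| | Fault injection | | | √ | |\n| | Canary release | | √ | | |\n| | Circuit breaking | | | √ | |\n| | Rate limiting | | | √ | |\n| Service security | mTLS | | | | √ |\n| | L7 authorization | | | | √ |\n| | Pod-level traffic management isolation | √ | | | |\n| Traffic monitoring | Basic observability (traffic management metrics monitoring) | | √ | | |\n| | E2E observability |                      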
      |                            |                            | √ |\n| Programmability | Plugin-based extension capability | | | | √ |\n| Ecosystem collaboration | Data plane collaboration (Envoy, etc.) | | √ | | |\n| Runtime environment support | Containers | √ | | | |\n\n## Contact\n\nIf you have any questions, feel free to reach us in the following ways:\n\n- [meeting notes](https://docs.google.com/document/d/1fFqolwWMVMk92yXPHvWGrMgsrb8Xru_v4Cve5ummjbk)\n- [mailing list](https://groups.google.com/forum/#!forum/kmesh)\n- [slack](https://join.slack.com/t/kmesh/shared_invite/zt-23mte0eau-s3MoQNYPzsgvUwwXkOmIIA)\n- [twitter](https://twitter.com/kmesh_net)\n\n## Contributing\n\nIf you are interested in becoming a contributor and want to take part in developing the Kmesh code, see [Contributing](CONTRIBUTING.md) for details on submitting patches and the contribution workflow.\n\n## License\n\nKmesh is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.\n\nKmesh documentation is under the [CC-BY-4.0 license](https://creativecommons.org/licenses/by/4.0/legalcode).\n\n## Acknowledgements\n\nThis project was initially incubated in the [openEuler community](https://gitee.com/openeuler/Kmesh); thanks to the openEuler community for its help in driving the project in its early days.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkmesh-net%2Fkmesh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkmesh-net%2Fkmesh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkmesh-net%2Fkmesh/lists"}