{"id":19411479,"url":"https://github.com/volcengine/cello","last_synced_at":"2026-02-27T07:34:35.552Z","repository":{"id":169315919,"uuid":"633218904","full_name":"volcengine/cello","owner":"volcengine","description":"The VPC-CNI plugin for Volcengine.","archived":false,"fork":false,"pushed_at":"2025-05-15T03:41:42.000Z","size":887,"stargazers_count":94,"open_issues_count":2,"forks_count":8,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-07-23T12:33:58.453Z","etag":null,"topics":["cni","k8s","k8s-sig-network","vpc"],"latest_commit_sha":null,"homepage":"https://www.volcengine.com/product/vke","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/volcengine.png","metadata":{"files":{"readme":"README-zh_CN.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-04-27T03:10:45.000Z","updated_at":"2025-07-17T02:06:00.000Z","dependencies_parsed_at":"2024-06-21T20:13:35.374Z","dependency_job_id":"4c713417-034b-4650-8122-799ece944202","html_url":"https://github.com/volcengine/cello","commit_stats":null,"previous_names":["volcengine/cello"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/volcengine/cello","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fcello","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fcello/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fcello/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fcello/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/volcengine","download_url":"https://codeload.github.com/volcengine/cello/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fcello/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29887581,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T05:38:26.446Z","status":"ssl_error","status_checked_at":"2026-02-27T05:38:25.235Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cni","k8s","k8s-sig-network","vpc"],"created_at":"2024-11-10T12:21:37.000Z","updated_at":"2026-02-27T07:34:35.533Z","avatar_url":"https://github.com/volcengine.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cello CNI Network Plugin\n[English](./README.md) | 简体中文\n\n## 背景\nCello 是一款基于火山引擎VPC网络实现的kubernetes [CNI]插件。通过使用Cello插件可以在云上VPC网络环境下\n实现kubernetes集群内部网络的互通，并且在安全组放通的情况下，原生支持kubernetes集群访问同VPC下的其他资源。\nCello使用[辅助ENI]来打通Pod网络，支持共享ENI模式和ENI多IP模式，在两种模式下，支持以下基本通信场景：\n* Pod和Pod通信\n* Pod和节点通信\n\n\nCello 通过集成[Cilium]来替代kube-proxy实现kubernetes Service以获得更好的性能和更丰富的特性，支持以下类型的service：\n* ClusterIP\n* NodePort\n* LoadBalancer\n\n## 工作模式\n### 共享ENI模式\n![eniip_ipvlan](docs/images/eniip_ipvlan.png)\n共享ENI模式下，Cello将辅助ENI下的多个辅助私有IP(数量取决于[实例规格])分配给多个Pod，从而获得更高的部署密度。由于每个Pod分配到了一个VPC内的地址，所有Pod和节点在VPC内具有基本相同的“地位”。在VPC网络基础上，支持Pod和所在节点通过本地快路径进行通信。\n\n### 独占ENI模式\n![eni](docs/images/eni.png)\n独占模式下，Cello将辅助ENI直接分配给Pod, 将辅助ENI拉入到Pod的NetNs中并使用辅助ENI的主IP进行通信。从VPC视角，所有Pod和Node具有完全相同的“地位”。受限于ECS可挂载辅助ENI的数量，这种模式下Pod部署密度较低。在VPC网络基础上，支持Pod和所在节点通过本地`veth-pair`进行通信。\n\n## ENI 创建\n\u003cimg alt=\"feishu\" height=\"400\" src=\"./docs/images/eni_allocation.png\"/\u003e\n\nCello 以 daemonset 的形式部署在每个节点上，每个 Cello 实例都会独立申请辅助 ENI。申请 ENI 时会从用户配置的subnets中选择一个，并使用用户配置的全部安全组。 `eni_exclusive` 模式直接使用eni，节点上可调度的pod数量等于`eni_quota-1`。在`eni_shared`模式下，节点上可调度的pod数量等于`(eni_quota-1)*ip_quota_per_eni`。 Cello 创建的 ENI 会携带一些标签来标识创建者，如果 Cello 存活，Cello 会根据标签定期检查和回收自己泄露的 ENI。在集群中部署 opeartor 来回收删除节点时 detached 的 ENI 可以进一步避免ENI的泄漏。删除集群后，用户仍需要检查是否有 ENI 泄漏。\n\n## 调度感知\n无论是哪种模式，Cello 都会通过 [device plugin] 报告可用网络资源的数量，以便调度器将 pod 调度到有资源的节点上。用户可以通过向 pod 的第一个容器添加以下 [requests and limits] 字段来使用此机制。\n\n```yaml\n# eni_shared mode:\nresources:\n  limits:\n    vke.volcengine.com/eni-ip: \"1\"\n  requests:\n    vke.volcengine.com/eni-ip: \"1\"\n# eni_exclusive mode:\nresources:\n  limits:\n    vke.volcengine.com/eni: \"1\"\n  requests:\n    vke.volcengine.com/eni: \"1\"\n```\n\n## 构建\n#### 依赖\n- `protobuf [required]`\n- `go 1.20+ [required]`\n- `docker [option] `\n\n#### 编译bin\n```bash\n# make完后所有部署需要的程序和配置文件位于./output 目录\ngit clone [todo]\ncd cello\ngo mod download\nmake bin\n```\n\n#### 编译镜像\n```bash\ngit clone [todo]\ncd cello\ngo mod download\nmake image # 默认使用docker，可通过ARG `ENGINE` 指定使用podman进行编译\n```\n\n## 部署\n### 安装 Kubernetes\n* 准备火山引擎 ECS实例 （需要 ECS 实例内核版本 4.19+，经过测试的OS为veLinux 1.0 with 5.10 kernel）\n* 安装Kubernetes，推荐使用 [kubeadm]\n\n### 安装Cello\n* 确保传递给Cello的`credentialAccessKeyId` 或 `ramRole`附加了所需的 [IAM策略](docs/iam-policy.md)\n* 参考 [config.md](docs/config.md) 准备配置\n* 使用helm安装（需要helm 3.0）\n    ```shell\n    helm install cello chart\n    ```\n\n## 测试\n### 单元测试\n```bash\ngit clone [todo]\ncd cello\ngo mod download\nmake test\n```\n### 功能测试\n确保集群正确安装了Cello, 并且 `kubectl` 可连接到集群\n```bash\ngit clone [todo]\ncd cello\n./tests/test.sh\n```\n\n## Community\n### Contributing\n详情见 [CONTRIBUTING.md](./CONTRIBUTING.md)。\n\n### Contact\n欢迎通过 Github `issues` 和 `pull requests` 进行交流， 也可以通过邮件或扫描下方飞书二维码与我们取得联系。  \n\n\u003cimg alt=\"feishu\" height=\"300\" src=\"./docs/images/feishu.png\"/\u003e\n\n\n### License\nCello 使用 Apache 2.0 证书, 详情见 [LICENSE](./LICENSE)。\n\n\n[CNI]: https://www.cni.dev/\n[辅助ENI]: https://www.volcengine.com/docs/6401/68940#%E7%BD%91%E5%8D%A1\n[Cilium]: https://cilium.io/\n[实例规格]: https://www.volcengine.com/docs/6396/70840\n[kubeadm]: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolcengine%2Fcello","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvolcengine%2Fcello","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolcengine%2Fcello/lists"}