Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cloudfoundry/cf-k8s-networking
building a cloud foundry without gorouter....
https://github.com/cloudfoundry/cf-k8s-networking
cloudfoundry eirini golang istio kubernetes kubernetes-controller metacontroller networking routing service-mesh
Last synced: 3 months ago
JSON representation
building a cloud foundry without gorouter....
- Host: GitHub
- URL: https://github.com/cloudfoundry/cf-k8s-networking
- Owner: cloudfoundry
- License: apache-2.0
- Archived: true
- Created: 2019-08-30T12:19:56.000Z (over 5 years ago)
- Default Branch: develop
- Last Pushed: 2022-04-13T16:59:51.000Z (over 2 years ago)
- Last Synced: 2024-09-21T18:39:09.508Z (3 months ago)
- Topics: cloudfoundry, eirini, golang, istio, kubernetes, kubernetes-controller, metacontroller, networking, routing, service-mesh
- Language: Go
- Homepage:
- Size: 11.9 MB
- Stars: 32
- Watchers: 23
- Forks: 17
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
README
cf-k8s-networking
---
Routing and networking for Cloud Foundry running on Kubernetes.## Deploying
CF-K8s-Networking is a component of CF-for-K8s. To deploy CF-for-K8s reference
the following documentation:* [Deploy Cloud Foundry on
Kubernetes](https://github.com/cloudfoundry/cf-for-k8s/blob/master/docs/deploy.md)
* [Deploy Cloud Foundry
Locally](https://github.com/cloudfoundry/cf-for-k8s/blob/6e4ba5cc0514481a0675ea83731449c752b1dcad/docs/deploy-local.md)## Architecture
![Architecture Diagram of
CF-K8s-Networking](doc/assets/routecontroller-data-flow-diagram.png)* **RouteController:** Watches the Kubernetes API for Route CRs and translates
the Route CRs into Istio Virtual Service CRs and Kubernetes Services
accordingly to enable routing to applications deployed by Cloud Foundry.* **Istio:** CF-K8s-Networking currently depends on [Istio](https://istio.io/).
* Istio serves as both our gateway router for ingress networking, replacing
the role of the Gorouters in CF for VMs, and service mesh for (eventually)
container-to-container networking policy enforcement.
* We provide a manifest for installing our custom configuration for Istio,
[here](https://github.com/cloudfoundry/cf-for-k8s/blob/master/config/istio/istio-generated/xxx-generated-istio.yaml).
* Istio provides us with security features out of the box, such as:
* Automatic Envoy sidecar injection for system components and application workloads
* `Sidecar` Kubernetes resources that can limit egress traffic from workload `Pod`s
* Transparent mutual TLS (mTLS) everywhere
* (Eventually) app identity certificates using [SPIFFE](https://spiffe.io/) issued by Istio Citadel
* Istio should be treated as an "implementation detail" of the platform and
our reliance on it is subject to change
* Istio config is located in [cf-for-k8s](https://github.com/cloudfoundry/cf-for-k8s) and it's managed by the cf-k8s-networking team.## Contributing
For information about how to contribute, develop against our codebase, and run
our various test suites, check out our [Contributing guidelines](CONTRIBUTING.md).