Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cloudfoundry/cf-k8s-networking

building a cloud foundry without gorouter....
https://github.com/cloudfoundry/cf-k8s-networking

cloudfoundry eirini golang istio kubernetes kubernetes-controller metacontroller networking routing service-mesh

Last synced: about 2 months ago
JSON representation

building a cloud foundry without gorouter....

Host: GitHub
URL: https://github.com/cloudfoundry/cf-k8s-networking
Owner: cloudfoundry
License: apache-2.0
Archived: true
Created: 2019-08-30T12:19:56.000Z (about 5 years ago)
Default Branch: develop
Last Pushed: 2022-04-13T16:59:51.000Z (over 2 years ago)
Last Synced: 2024-09-21T18:39:09.508Z (about 2 months ago)
Topics: cloudfoundry, eirini, golang, istio, kubernetes, kubernetes-controller, metacontroller, networking, routing, service-mesh
Language: Go
Homepage:
Size: 11.9 MB
Stars: 32
Watchers: 23
Forks: 17
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: code-of-conduct.md

Awesome Lists containing this project

README

cf-k8s-networking
---
Routing and networking for Cloud Foundry running on Kubernetes.

## Deploying

CF-K8s-Networking is a component of CF-for-K8s. To deploy CF-for-K8s reference
the following documentation:

* [Deploy Cloud Foundry on
Kubernetes](https://github.com/cloudfoundry/cf-for-k8s/blob/master/docs/deploy.md)
* [Deploy Cloud Foundry
Locally](https://github.com/cloudfoundry/cf-for-k8s/blob/6e4ba5cc0514481a0675ea83731449c752b1dcad/docs/deploy-local.md)

## Architecture

![Architecture Diagram of
CF-K8s-Networking](doc/assets/routecontroller-data-flow-diagram.png)

* **RouteController:** Watches the Kubernetes API for Route CRs and translates
the Route CRs into Istio Virtual Service CRs and Kubernetes Services
accordingly to enable routing to applications deployed by Cloud Foundry.

* **Istio:** CF-K8s-Networking currently depends on [Istio](https://istio.io/).
* Istio serves as both our gateway router for ingress networking, replacing
the role of the Gorouters in CF for VMs, and service mesh for (eventually)
container-to-container networking policy enforcement.
* We provide a manifest for installing our custom configuration for Istio,
[here](https://github.com/cloudfoundry/cf-for-k8s/blob/master/config/istio/istio-generated/xxx-generated-istio.yaml).
* Istio provides us with security features out of the box, such as:
* Automatic Envoy sidecar injection for system components and application workloads
* `Sidecar` Kubernetes resources that can limit egress traffic from workload `Pod`s
* Transparent mutual TLS (mTLS) everywhere
* (Eventually) app identity certificates using [SPIFFE](https://spiffe.io/) issued by Istio Citadel
* Istio should be treated as an "implementation detail" of the platform and
our reliance on it is subject to change
* Istio config is located in [cf-for-k8s](https://github.com/cloudfoundry/cf-for-k8s) and it's managed by the cf-k8s-networking team.

## Contributing
For information about how to contribute, develop against our codebase, and run
our various test suites, check out our [Contributing guidelines](CONTRIBUTING.md).