Raven

    In an OpenYurt cluster, pods in different physical regions may need to use a Pod IP, Service IP or Service name to communicate with other pods. Although these pods belong to a single K8s cluster, they sit in different physical regions (network domains) and cannot communicate directly. We created the Raven project to solve this problem.

    As shown in the following picture, the architecture has two components:

    • Raven Agent: It is deployed as a DaemonSet and runs on each node of the K8s cluster. It configures a route or a VPN tunnel on the node according to the node's role (gateway or non-gateway);

    The above two components are connected by a Gateway CRD to exchange routes and VPN tunnels, as shown in the following picture:

    img

    Features:

    • No intrusion: Raven does not intrude on the native K8s CNI network; only cross-edge traffic is hijacked for forwarding
    • Security: Uses stable IPsec to encrypt cross-edge traffic

    Advantages:

    • Raven does not hijack the traffic in the same edge node pool, and keeps the CNI capabilities of the cluster itself

    Raven Controller Manager:

    version   image                         release   content         comment
    v0.1.0    openyurt/raven-agent:v0.1.0   2022.05   First release   Supports IPsec as the VPN backend
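    • Support exposing the cloud side to the public network through an LB [issue #22]
    • Support NAT traversal []
    • Support distributed route decisions [issue #14]
      • Cost calculation for route paths
      • Keep network connections active while a path is changing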

    Anyone interested is welcome to join us and contribute code!