Author: Víctor Manuel Oliver Acosta
kube-nftlb is a Kubernetes Pod made up of two containers (
daemon) able to communicate with the Kubernetes API Server, using a Debian image with
This project can request information from the API Server such as new, updated or deleted Services/Endpoints, and make rules in
Software required before proceeding
- Minikube v0.30.0 (already started with
nftlb installed in the host or VM
... Or you can run debian_tools_installer.sh as root after a fresh Debian Testing install in a virtualized environment.
Getting the cluster ready
Do these steps only if you have NOT done them before and you meet the conditions specified in each point. Otherwise, you can skip this section.
- You need to install this project using the command go get to resolve its dependencies. Run this command (it might take a while, be patient):
root@pc: go get -u github.com/zevenet/kube-nftlb/...
- This step is mandatory if you started Minikube with --vm-driver=none, and you must not do it otherwise. coredns won't be able to resolve external hostnames unless you run this command:
root@pc: kubectl apply -f yaml/give_internet_access_to_pods.yaml
- The cluster needs a kube-nftlb privileged role: for kube-nftlb to communicate with the API Server, it needs to be recognised and authenticated by the API Server. Run this command:
root@pc: kubectl apply -f yaml/authentication_system_level_from_pod.yaml
Project test: steps to follow
- The project will be available locally after following the above steps. But first, the nftables rules need to be monitored so that you can see the changes being made. Run these commands and set the terminal aside for later:
user@pc: su
root@pc: watch -n 1 nft list table nftlb
- Open another terminal. To get inside the project directory, run these commands:
user@pc: su
root@pc: cd ~/go/src/github.com/zevenet/kube-nftlb/
- The script
main.go and will build a Docker container to put it inside the cluster. Before running it, you MUST read the script. Be careful: all nftables rules you may have set could be flushed. Once you have read it and adapted it to your use case, run:
root@pc: sh build.sh
- Once the script has finished, the kube-nftlb Pod will be created as a DaemonSet. Inside yaml there's a file ready for this; apply it to the cluster by running this:
root@pc: kubectl apply -f yaml/create_nftlb_as_daemonset.yaml
Notice how rules are made in the first terminal you opened.
- The test will be made with a Ghost instance, exposing, editing and deleting a Service. Run this command:
root@pc: kubectl create deployment ghost --image=ghost
ghost Pod will be exposed through a Service with this command:
root@pc: kubectl expose deployment ghost --port=2368
ghost rules are made in the first terminal you opened.
- Update the Service with this command, changing the port from 2368 to 2369, and save the file:
root@pc: kubectl edit service ghost
ghost port has changed in the first terminal you opened.
- Delete the Service with this command:
root@pc: kubectl delete service ghost
ghost rules are deleted in the first terminal you opened.
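
The build step above warns that build.sh may flush any nftables rules already set on the host. The following is an added example, not part of the kube-nftlb project, that saves the host ruleset before the script runs and can restore it afterwards; the function names and the default backup path are assumptions.

```shell
#!/bin/sh
# Added example, not part of kube-nftlb: keep a replayable copy of the host's
# nftables ruleset before "sh build.sh". Function names and the default
# path are assumptions. Source this file as root, then call the functions.

BACKUP=${BACKUP:-/root/nft-before-kube-nftlb.nft}

# Save the complete ruleset. The leading "flush ruleset" makes a later
# "nft -f" replace the live rules atomically instead of merging into them.
backup_ruleset() {
    out=${1:-$BACKUP}
    old_umask=$(umask)
    umask 077    # the ruleset documents the host's filtering policy
    if { echo "flush ruleset"; nft list ruleset; } > "$out.tmp"; then
        mv "$out.tmp" "$out"; rc=0
    else
        rm -f "$out.tmp"; rc=1
    fi
    umask "$old_umask"
    return "$rc"
}

# Print tables that were in the backup but no longer exist on the host.
# Tables that still exist but were emptied are not reported.
lost_tables() {
    file=${1:-$BACKUP}
    live=$(nft list tables) || return 1
    grep '^table ' "$file" | sed 's/ {$//' | while read -r t; do
        printf '%s\n' "$live" | grep -qxF "$t" || printf '%s\n' "$t"
    done
}

# Put the saved ruleset back. This removes every table that is not in the
# backup, including an nftlb table created afterwards, so use it only after
# deleting the kube-nftlb DaemonSet.
restore_ruleset() {
    file=${1:-$BACKUP}
    [ -s "$file" ] || { echo "no backup at $file" >&2; return 1; }
    # -c parses and checks the file without touching the live ruleset.
    nft -c -f "$file" || { echo "backup failed validation" >&2; return 1; }
    nft -f "$file"
}
```

Call backup_ruleset before sh build.sh, lost_tables once the build has finished, and restore_ruleset when the test environment is torn down.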
- I've done everything already, how can I stop watching
- I have followed the guide and I've got no errors. But how can I delete the kube-nftlb Pod to test the project again from the start?
Run this command as root:
root@pc: kubectl delete -f yaml/create_nftlb_as_daemonset.yaml
- How can I also delete the ghost Pod? The guide explains how to delete its Service, but not its Pod.
Run this command as root:
root@pc: kubectl delete deployment ghost