docs/userspace-wireguard.md: add details

This commit clarifies a few lines from the userspace doc and notes in
the README that Kilo works with userspace WireGuard.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Lucas Servén Marín 5 years ago
Parent
Current commit
e7855825cf
2 files changed, with 18 additions and 15 deletions
  1. README.md (+3 -1)
  2. docs/userspace-wireguard.md (+15 -14)

+ 3 - 1
README.md

@@ -28,13 +28,15 @@ This means that if a cluster uses, for example, Flannel for networking, Kilo can
 
 
 Kilo can be installed on any Kubernetes cluster either pre- or post-bring-up.
 Kilo can be installed on any Kubernetes cluster either pre- or post-bring-up.
 
 
-### Step 1: install WireGuard
+### Step 1: get WireGuard
 
 
 Kilo requires the WireGuard kernel module to be loaded on all nodes in the cluster.
 Kilo requires the WireGuard kernel module to be loaded on all nodes in the cluster.
 Starting at Linux 5.6, the kernel includes WireGuard in-tree; Linux distributions with older kernels will need to install WireGuard.
 Starting at Linux 5.6, the kernel includes WireGuard in-tree; Linux distributions with older kernels will need to install WireGuard.
 For most Linux distributions, this can be done using the system package manager.
 For most Linux distributions, this can be done using the system package manager.
 [See the WireGuard website for up-to-date instructions for installing WireGuard](https://www.wireguard.com/install/).
 [See the WireGuard website for up-to-date instructions for installing WireGuard](https://www.wireguard.com/install/).
 
 
+Clusters with nodes on which the WireGuard kernel module cannot be installed can use Kilo by leveraging a [userspace WireGuard implementation](./docs/userspace-wireguard.md).
+
 ### Step 2: open WireGuard port
 ### Step 2: open WireGuard port
 
 
 The nodes in the mesh will require an open UDP port in order to communicate.
 The nodes in the mesh will require an open UDP port in order to communicate.
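
Review bot: the unchanged sentence right under the renamed heading, "Kilo requires the WireGuard kernel module to be loaded on all nodes in the cluster", now contradicts the added line saying clusters whose nodes cannot install the kernel module can still use Kilo through a userspace implementation. Reword the requirement so it reads as the default rather than an absolute, for example "Kilo requires WireGuard on all nodes in the cluster, by default via the kernel module", and keep the new sentence as the exception. Renaming the heading from "Step 1: install WireGuard" to "Step 1: get WireGuard" also changes the generated anchor, so any existing links to the old heading should be checked.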

+ 15 - 14
docs/userspace-wireguard.md

@@ -1,33 +1,34 @@
 # Userspace WireGuard
 # Userspace WireGuard
 
 
 It is possible to use a userspace implementation of WireGuard with Kilo.
 It is possible to use a userspace implementation of WireGuard with Kilo.
-This can make sense if
+This can make sense in cases where
 
 
-* not all nodes in the cluster have WireGuard installed
-* no one wants to install the DKMS WireGuard package on these nodes
+* not all nodes in a cluster have WireGuard installed; or
+* nodes are effectively immutable and kernel modules cannot be installed.
 
 
-## Homogeneous Cluster
+## Homogeneous Clusters
 
 
-With a homogeneous cluster (no node has the WireGuard kernel module), you can run a userspace WireGuard implementation as a DaemonSet.
-This will create a WireGuard interface and Kilo will configure it.
-In order to avoid a race condition, `kg` needs to be passed the `--create-interface=false` flag. 
+In a homogeneous cluster where no node has the WireGuard kernel module, a userspace WireGuard implementation can be made available by deploying a DaemonSet.
+This DaemonSet creates a WireGuard interface that Kilo will manage.
+In order to avoid race conditions, `kg` needs to be passed the `--create-interface=false` flag. 
 
 
-An example configuration for a k3s cluster with [boringtun](https://github.com/cloudflare/boringtun) can be applied with 
+An example configuration for a k3s cluster with [boringtun](https://github.com/cloudflare/boringtun) can be applied with:
 
 
 ```shell
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/squat/Kilo/master/manifests/kilo-k3s-userspace.yaml
 kubectl apply -f https://raw.githubusercontent.com/squat/Kilo/master/manifests/kilo-k3s-userspace.yaml
 ```
 ```
 
 
-__Note:__ even if some nodes have the WireGuard kernel module, this will still use the userspace implementation of WireGuard.
+__Note:__ even if some nodes have the WireGuard kernel module, this configuration will cause all nodes to use the userspace implementation of WireGuard.
 
 
-## Heterogeneous Cluster
+## Heterogeneous Clusters
 
 
-If you have a heterogeneous cluster (some nodes are missing the WireGuard kernel module) and you wish to use the kernel module, if available, you can apply this configuration to a k3s cluster:
+In a heterogeneous cluster where some nodes are missing the WireGuard kernel module, a userspace WireGuard implementation can be provided only to the nodes that need it while enabling the other nodes to leverage WireGuard via the kernel module.
+An example of such a configuration for a k3s cluster can by applied with:
 
 
 ```shell
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/squat/Kilo/master/manifests/kilo-k3s-userspace-heterogeneous.yaml
 kubectl apply -f https://raw.githubusercontent.com/squat/Kilo/master/manifests/kilo-k3s-userspace-heterogeneous.yaml
 ```
 ```
 
 
-This config will apply [nkml](https://github.com/leonnicolas/nkml) as a DaemonSet to label all nodes according to the presence of the WireGuard kernel module.
-It will apply two different DaemonSets with Kilo: `kilo` without userspace WireGuard and `kilo-userspace` with boringtun as a sidecar.
-Because Kilo is dependant on nkml, it needs to run on the host network and needs a kubeconfig to be able to update the labels.
+This configuration will deploy [nkml](https://github.com/leonnicolas/nkml) as a DaemonSet to label all nodes according to the presence of the WireGuard kernel module.
+It will also create two different DaemonSets with Kilo: `kilo` without userspace WireGuard and `kilo-userspace` with boringtun as a sidecar.
+__Note:__ because Kilo is dependant on nkml, nkml must be run on the host network before CNI is available and requires a kubeconfig in order to access the Kubernetes API.
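
Review bot: the final `__Note:__` line drops the reason the removed text gave for the kubeconfig ("to be able to update the labels") and now says only "in order to access the Kubernetes API", so an operator can no longer tell from the doc how narrowly that credential can be scoped. Suggest keeping the purpose, for example "requires a kubeconfig in order to update node labels through the Kubernetes API", so the access nkml needs stays documented next to the host-network requirement. Smaller points in the same hunk: "can by applied with:" in the Heterogeneous Clusters paragraph should be "can be applied with:", "dependant" should be "dependent", and the added `--create-interface=false` line keeps the trailing space of the line it replaces.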