Kubernetes Addons (Third-Party Plugins)

 

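Note:
Kubernetes keeps all of its add-ons in one place, under .../cluster/addons.

Release history shows that in January 2015 addons began to hold add-ons that had been split out as standalone components; the cluster/addons directory was added in the Kubernetes 0.8.x release series.
The first ones placed there were dns and cluster-monitoring (see Kubernetes 0.8.0).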

Installing Addons

Note: This section links to third party projects that provide functionality required by Kubernetes. The Kubernetes project authors aren't responsible for these projects, which are listed alphabetically. To add a project to this list, read the content guide before submitting a change. More information.

 Add-ons extend the functionality of Kubernetes.

This page lists some of the available add-ons and links to their respective installation instructions.

Networking and Network Policy

  • ACI provides integrated container networking and network security with Cisco ACI. 

    Source code: https://github.com/noironetworks/aci-containers

    The project home page introduces it as follows:

    ACI CNI Plugin

    The Cisco Application Centric Infrastructure (ACI) CNI plugin brings the ACI Networking and Policy model to Kubernetes clusters that reside on-prem or in the cloud. It is fully open source and relies on the Opflex Protocol to program Open vSwitch instances running on the Kubernetes nodes. It provides IP address management, L2/L3 networking, load balancing, and security functions for container workloads.

  • Antrea operates at Layer 3/4 to provide networking and security services for Kubernetes, leveraging Open vSwitch as the networking data plane.

    Project site: https://antrea.io/

    Enable pod networking and enforce network policies for Kubernetes clusters

    Antrea is a Kubernetes-native project that implements the Container Network Interface (CNI) and Kubernetes NetworkPolicy thereby providing network connectivity and security for pod workloads. Antrea extends the benefit of programmable networks from Open vSwitch (OVS) to Kubernetes.

  • Calico is a networking and network policy provider. Calico supports a flexible set of networking options so you can choose the most efficient option for your situation, including non-overlay and overlay networks, with or without BGP. Calico uses the same engine to enforce network policy for hosts, pods, and (if using Istio & Envoy) applications at the service mesh layer.
    Project site: https://projectcalico.docs.tigera.io/about/about-calico

    The home page carries this introduction:

    What is Calico?

    Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Mirantis Kubernetes Engine (MKE), OpenStack, and bare metal services.

    Whether you opt to use Calico's eBPF data plane or Linux’s standard networking pipeline, Calico delivers blazing fast performance with true cloud-native scalability. Calico provides developers and cluster operators with a consistent experience and set of capabilities whether running in public cloud or on-prem, on a single node, or across a multi-thousand node cluster.

    Installation:

    https://projectcalico.docs.tigera.io/archive/v3.21/reference/installation/api
    https://projectcalico.docs.tigera.io/archive/v3.21/getting-started/kubernetes/
    https://www.projectcalico.org/live-migration-from-flannel-to-calico/

    Prerequisite: the kubelet must be configured to use the CNI network plugin.

  • Canal (plugin) unites Flannel and Calico, providing networking and network policy.

    Introduction:

    Canal was the name of Tigera and CoreOS’s project to integrate Calico and flannel.

    Originally, we thought we might more deeply integrate the two projects (possibly even going as far as a rebranding!). However, over time it became clear that that wasn't really necessary to fulfil our goal of making them work well together. Ultimately, we decided to focus on adding features to both projects rather than doing work just to combine them.

    https://github.com/tigera/canal/tree/master/k8s-install

    Project home page:

    https://github.com/projectcalico/canal

    Installation:

    https://projectcalico.docs.tigera.io/getting-started/kubernetes/flannel/flannel

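  • Cilium (plugin) is an L3 network and network policy plugin that can enforce HTTP/API/L7 policies transparently. Both routing and overlay/encapsulation mode are supported, and it can work on top of other CNI plugins.

    An L2 network represents exactly one layer-2 broadcast domain and is the foundation for all other network elements. On top of an L2 network sit the various L3 networks and network-service provider modules. An L3 network is a subnet together with its associated network services. Although an L2 network usually contains only one L3 network, several L3 networks can coexist on the same L2 network as long as their IP ranges do not conflict. An L3 network may have one or more IP ranges belonging to the same subnet; the purpose of splitting addresses into ranges is to let users reserve part of the subnet's IPs. Network services such as DHCP and DNS are supplied to an L3 network by providers bound to an L2 network.

    An L2 network provides a means of layer-2 network isolation, while an L3 network mainly corresponds to the layer 4 to layer 7 network services of the OSI seven-layer model.

    Source code: https://github.com/cilium/cilium

    The Cilium home page introduces it as follows: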

    Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes.

    A new Linux kernel technology called eBPF is at the foundation of Cilium. It supports dynamic insertion of eBPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. eBPF is highly efficient and flexible. To learn more about eBPF, visit eBPF.io.

    Network model: [figure]

    A brief introduction to eBPF: it is a very flexible and efficient virtual machine-like component in the Linux kernel that can safely execute bytecode at many kernel hook points. Many kernel subsystems already use BPF, for example networking, tracing and security.

    The eBPF Foundation (https://ebpf.io) is a non-profit organization created for eBPF technology and part of the Linux Foundation; it aims to drive eBPF's development and bring it into wider use.

    https://www.kernel.org/doc/html/latest/networking/filter.html#ebpf-opcode-encoding

    // There is plenty of material on eBPF, so I won't go into detail here.

  • CNI-Genie enables Kubernetes to seamlessly connect to a choice of CNI plugins, such as Calico, Canal, Flannel, Romana, or Weave.

    Home page: https://github.com/Huawei-PaaS/CNI-Genie

               https://github.com/cni-genie/CNI-Genie/



  • Contiv (CNI plugin) provides configurable networking (native L3 using BGP, overlay using vxlan, classic L2, and Cisco-SDN/ACI) for various use cases and a rich policy framework. Contiv project is fully open sourced. The installer provides both kubeadm and non-kubeadm based installation options.

    Official site: https://contivpp.io/

    Source code: https://github.com/contiv
    Installation: https://github.com/contiv/install

    What is SDN: https://www.juniper.net/us/en/research-topics/what-is-sdn.html

  • Contrail plugin
  • Contrail, based on Tungsten Fabric, is an open source, multi-cloud network virtualization and policy management platform. 
    Contrail and Tungsten Fabric are integrated with orchestration systems such as Kubernetes, OpenShift, OpenStack and Mesos, and provide isolation modes for virtual machines, containers/pods and bare metal workloads.

    Contrail https://www.juniper.net/us/en/products/sdn-and-orchestration/contrail/cloud-native-contrail-networking.html

    A markdown document from the Tungsten Fabric home page: https://github.com/tungstenfabric/tf-specs/blob/master/deprecating-discovery-4.0.md

  • Flannel plugin
    • Flannel is an overlay network provider that can be used with Kubernetes.
    • Official releases: https://github.com/coreos/flannel/releases
    • Official repository: https://github.com/coreos/flannel
    • https://projectcalico.docs.tigera.io/getting-started/kubernetes/flannel/flannel
  • Knitter plugin
    • Knitter is a plugin to support multiple network interfaces in a Kubernetes pod.
    • Multus is a Multi plugin for multiple network support in Kubernetes to support all CNI plugins (e.g. Calico, Cilium, Contiv, Flannel), in addition to SRIOV, DPDK, OVS-DPDK and VPP based workloads in Kubernetes.
  • OVN-Kubernetes plugin

    OVN-Kubernetes is a networking provider for Kubernetes based on OVN (Open Virtual Network), a virtual networking implementation that came out of the Open vSwitch (OVS) project. OVN-Kubernetes provides an overlay based networking implementation for Kubernetes, including an OVS based implementation of load balancing and network policy.

    In networking, an overlay is a virtualization approach layered on top of an existing network architecture.

  • OVN4NFV-K8S-Plugin

    OVN4NFV-K8S-Plugin is OVN based CNI controller plugin to provide cloud native based Service function chaining(SFC), Multiple OVN overlay networking, dynamic subnet creation, dynamic creation of virtual networks, VLAN Provider network, Direct provider network and pluggable with other Multi-network plugins, ideal for edge based cloud native workloads in Multi-cluster networking

  • NSX-T plugin
  • NSX-T Container Plug-in (NCP) provides integration between VMware NSX-T and container orchestrators such as Kubernetes, as well as integration between NSX-T and container-based CaaS/PaaS platforms such as Pivotal Container Service (PKS) and OpenShift.

  • Nuage plugin
    • Nuage is an SDN platform that provides policy-based networking between Kubernetes Pods and non-Kubernetes environments with visibility and security monitoring.
    • Romana is a Layer 3 networking solution for pod networks that also supports the NetworkPolicy API. Kubeadm add-on installation details available here.

  • Weave Net plugin
    • Weave Net provides networking and network policy, will carry on working on both sides of a network partition, and does not require an external database.

Service Discovery

  • CoreDNS is a flexible, extensible DNS server which can be installed as the in-cluster DNS for pods. (Early versions of Kubernetes used kube-dns.)

Visualization & Control

  • Dashboard is a dashboard web interface for Kubernetes.

  • Weave Scope is a tool for graphically visualizing your containers, pods, services etc. Use it in conjunction with a Weave Cloud account or host the UI yourself.

Infrastructure

  • KubeVirt is an add-on to run virtual machines on Kubernetes. Usually run on bare-metal clusters.

  • The node problem detector runs on Linux nodes and reports system issues as either Events or Node conditions.

Legacy Add-ons

There are several other add-ons documented in the deprecated cluster/addons directory.

Well-maintained ones should be linked to here. PRs welcome!

Items on this page refer to third party products or projects that provide functionality required by Kubernetes. The Kubernetes project authors aren't responsible for those third-party products or projects. See the CNCF website guidelines for more details.

You should read the content guide before proposing a change that adds an extra third-party link.

 

posted @ 2022-05-14 16:09  jinzi