TCPWave Kubernetes Integrations

Integration of TCPWave IPAM and Kubernetes via CNI Plugin

Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It provisions containers and maintains their lifecycle. When it provisions new containers, it assigns IP addresses to them. The purpose of TCPWave's Kubernetes integration is to capture these IP addresses in the IPAM and to release them when the container is destroyed.

Each networking plugin has its own approach to IP address management. The simplest approach is to use the built-in static IP allocation provided by Kubernetes, which is extremely basic and does not allow IP addresses to be tracked. To overcome this limitation, TCPWave has come up with its own CNI (Container Networking Interface) plugin, which makes the tracking and visibility of these IP addresses much simpler.

To achieve this, TCPWave's product engineering team has built a plugin aligned to the CNI specifications. This plugin focuses on assigning IP addresses to containers and reclaiming them. TCPWave does not provide basic authentication and uses only SSL certificates for communicating with the IPAM. This feature makes TCPWave's IPAM much more secure compared to the plain text authentication performed in the alternate DDI solutions.

CNI Plugin

The CNI plugin is designed in the Go language. It leverages the built-in libraries of Kubernetes, leading to smoother integration. This plugin comprises three components:

  • tims-go-client: This library is written in Go to communicate with the IPAM for creating and deleting Networks, Subnets and IP addresses.
  • cni-daemon: The primary function of this agent is to act as a bridge between the cni-plugin and the IPAM. This agent uses tims-go-client to communicate with the IPAM and make calls for IP allocation and deletion. This process runs as a daemon and takes the input from cni-plugin.
  • cni-plugin: This is the actual plugin that gets invoked by the Kubernetes framework for the provisioning and deletion of the containers. This plugin reads the input provided by Kubernetes and passes the necessary information to the cni-daemon.

The diagram displayed below depicts the interaction of IPAM, CNI-Plugin, CNI-Daemon and Containers of a Kubernetes setup of 3 nodes with 1 master and 2 workers. It is important that the plugin and daemon be configured with proper client certificates on all nodes before any containers are provisioned in the cluster.
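
A preflight check a node could run before provisioning containers, as an added example that is not TCPWave's code: assuming the plugin and daemon use a PEM client certificate, key and CA bundle, it confirms that the key matches the certificate, that the chain and client-authentication usage verify, and that expiry is not close. `CheckClientCert` and `constructedCert` are hypothetical names, and the self-signed sample certificate is constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckClientCert reports why a node's client certificate would fail mutual TLS, or nil if it is usable.
func CheckClientCert(certPEM, keyPEM, caPEM []byte, now time.Time, minLeft time.Duration) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // fails when the key does not match the certificate
	if err != nil {
		return fmt.Errorf("cert/key pair: %w", err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // X509KeyPair already parsed it successfully
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(caPEM) // an empty or unreadable bundle leaves the pool empty, so Verify fails closed
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain or usage: %w", err)
	}
	if leaf.NotAfter.Sub(now) < minLeft {
		return fmt.Errorf("expires %s, inside the renewal window", leaf.NotAfter.Format(time.RFC3339))
	}
	return nil
}

// constructedCert returns a throwaway self-signed certificate and key (constructed sample data, errors ignored).
func constructedCert(eku x509.ExtKeyUsage, notAfter time.Time) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "node-1"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

func main() {
	c, k := constructedCert(x509.ExtKeyUsageClientAuth, time.Now().Add(time.Hour))
	fmt.Println(CheckClientCert(c, k, c, time.Now(), 24*time.Hour)) // sample cert expires inside the window
}
```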