Donavan Fritz
2082df37e5
Build flock Image / build (push) Has been cancelled
Reverts the eth0-placement hack from e1e9544. The design doc's lo
placement is correct.
Real fix: the host's anycast /128 (or /32) route now uses the pod's own
eth0 unicast IP (same family) as the route's `via` next-hop. The kernel
then does NDP/ARP for that eth0 IP — which IS configured on the pod's
eth0 — so the pod responds normally with no proxy_ndp / proxy_arp
trickery on the anycast IP itself.
ip -6 route add <anycast>/128 via <pod-eth0-v6> dev flock<8hex>
ip -4 route add <anycast>/32 via <pod-eth0-v4> dev flock<8hex>
Validation: an anycast IP whose family the pod doesn't have a unicast
for is skipped with a warn (an v4 anycast on an IPv6-only pod cannot be
NDP-resolved this way; require dual-stack).
Bonus cleanup: ESRCH from RouteDel is treated as success (idempotent).
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
flock
Kubernetes CNI for sjc001. Per-pod IPv4 opt-in, IID embedding, Ready-gated anycast via BGP.
Design doc: k8s-manager/dfritz-cni.md (in the operator's k8s-manager repo).
Status: M1 scaffold. Not functional. See milestones table in the design doc.
Layout
cmd/flock— CNI plugin binary (kubelet-invoked)cmd/flock-agent— DaemonSet binarypkg/api/v1alpha1—NodeConfigCRD typespkg/cni— CNI plugin internals + RPC clientpkg/agent— agent server, IPAM, state file, anycast, NetworkPolicypkg/embed—ip-algoIID embedding (pure)pkg/routing/{bird,ospf}— routing backendsdeploy/— CRDs, RBAC, DaemonSet manifests
License
Apache 2.0.