fritzlab-public/flock
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17 Commits 1 Branch 0 Tags
3117d002103a75ea16b710c04f1a24ca96fd23fe
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Donavan Fritz 3117d00210
Build flock Image / build (push) Has been cancelled
Details
bird: declare anycast as protocol static; filter static→kernel export 
Two coupled changes that fix the anycast advertisement path:

1. Add anycast /128 + /32 prefixes as `route … blackhole` lines in the
   protocol static stanzas. BIRD's master tables pick them up at
   preference 200 — higher than kernel-learned routes — so they're the
   ones the BGP export filter sees.

2. The kernel protocol's export filter now rejects RTS_STATIC. Without
   this, BIRD would push its blackhole back into the kernel, clobbering
   the agent-installed `<anycast> via <pod-eth0> dev flock<8hex>` route
   that's actually responsible for forwarding to the pod.

Result: BIRD has the route to advertise via BGP; the kernel has the
right route to forward; nothing fights over the kernel table.

Replaces the abandoned `gateway recursive` attempt — that's a BIRD 1.x
keyword, not BIRD 2.15.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-25 08:16:45 -05:00
.gitea/workflows
ci: move go test into Dockerfile build stage
2026-04-24 21:19:10 -05:00
cmd
M2: netlink, IPAM/handler wiring, BIRD sidecar, CNI installer
2026-04-24 22:33:48 -05:00
deploy
agent: maintain NetworkUnavailable=False on owned nodes
2026-04-24 23:11:47 -05:00
pkg
bird: declare anycast as protocol static; filter static→kernel export
2026-04-25 08:16:45 -05:00
.dockerignore
flock M1 scaffold: CNI plugin + agent + NodeConfig CRD
2026-04-24 21:17:42 -05:00
Dockerfile
ci: fix bird package name (alpine ships 'bird', not 'bird2')
2026-04-24 22:36:15 -05:00
go.mod
M2: netlink, IPAM/handler wiring, BIRD sidecar, CNI installer
2026-04-24 22:33:48 -05:00
go.sum
M2: netlink, IPAM/handler wiring, BIRD sidecar, CNI installer
2026-04-24 22:33:48 -05:00
LICENSE
flock M1 scaffold: CNI plugin + agent + NodeConfig CRD
2026-04-24 21:17:42 -05:00
README.md
flock M1 scaffold: CNI plugin + agent + NodeConfig CRD
2026-04-24 21:17:42 -05:00

README.md

flock

Kubernetes CNI for sjc001. Per-pod IPv4 opt-in, IID embedding, Ready-gated anycast via BGP.

Design doc: k8s-manager/dfritz-cni.md (in the operator's k8s-manager repo).

Status: M1 scaffold. Not functional. See milestones table in the design doc.

Layout

  • cmd/flock — CNI plugin binary (kubelet-invoked)
  • cmd/flock-agent — DaemonSet binary
  • pkg/api/v1alpha1NodeConfig CRD types
  • pkg/cni — CNI plugin internals + RPC client
  • pkg/agent — agent server, IPAM, state file, anycast, NetworkPolicy
  • pkg/embedip-algo IID embedding (pure)
  • pkg/routing/{bird,ospf} — routing backends
  • deploy/ — CRDs, RBAC, DaemonSet manifests

License

Apache 2.0.

Reference in New Issue View Git Blame Copy Permalink
S
Description
Kubernetes CNI for sjc001 — per-pod IPv4 opt-in, IID embedding, Ready-gated anycast via BGP
Readme 450 KiB
Languages
Go 99.7%
Dockerfile 0.3%