Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It provisions and maintains the lifecycle of containers. During provisioning of the new containers, it assigns IP addresses to the containers. The purpose of the TCPWave‘s Kubernetes integration is to capture these IP addresses into the IPAM and release the IP addresses when the container is destroyed.
Each networking plugin has its own approach to IP address management. The simplest approach is to use the built-in static IP allocation provided by the Kubernetes which is very basic and IP addresses cannot be tracked. To overcome this limitation TCPWave has come up with its own CNI (Container Networking Interface) plugin and makes the tracking and the visibility of these IP addresses much simpler.
In order to achieve this, TCPWave‘s product engineering team has built a plugin aligned to the CNI specifications. This plugin will focus on assigning and reclaiming the IP addresses to and from the containers. TCPWave does not provide basic authentication and uses only SSL certificates for communicating with the IPAM. This feature makes TCPWave‘s IPAM much more secure compared to the plain text authentication performed in the alternate DDI solutions.
CNI plugin is designed in the GO language. It leverages the inbuilt libraries of Kubernetes leading to smoother integration. This plugin comprises of three components:
The diagram displayed below depicts the interaction of IPAM, CNI-Plugin, CNI-Daemon and Containers of a Kubernetes setup of 3 nodes with 1 master and 2 workers. It is important that the plugin and daemon should be configured with proper client certificates on all nodes before provisioning any containers in the cluster.