Kindnet

Install the latest version of kindnet with:

kubectl apply -f https://raw.githubusercontent.com/aojea/kindnet/main/install-kindnet.yaml

Check that it is running:

kubectl get nodes -o wide
NAME                     STATUS   ROLES           AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION     CONTAINER-RUNTIME
home-lab-control-plane   Ready    control-plane   13m   v1.27.3   172.18.0.3    <none>        Debian GNU/Linux 11 (bullseye)   6.10.14-linuxkit   containerd://1.7.1
home-lab-worker          Ready    <none>          13m   v1.27.3   172.18.0.2    <none>        Debian GNU/Linux 11 (bullseye)   6.10.14-linuxkit   containerd://1.7.1
home-lab-worker2         Ready    <none>          13m   v1.27.3   172.18.0.4    <none>        Debian GNU/Linux 11 (bullseye)   6.10.14-linuxkit   containerd://1.7.1
kubectl get pods -n kube-system
NAME                                             READY   STATUS    RESTARTS   AGE
coredns-5d78c9869d-cfzwx                         1/1     Running   0          13m
coredns-5d78c9869d-qmztf                         1/1     Running   0          13m
etcd-home-lab-control-plane                      1/1     Running   0          13m
kindnet-5ss45                                    1/1     Running   0          12m
kindnet-f7xw6                                    1/1     Running   0          12m
kindnet-vvp24                                    1/1     Running   0          12m
kube-apiserver-home-lab-control-plane            1/1     Running   0          13m
kube-controller-manager-home-lab-control-plane   1/1     Running   0          13m
kube-proxy-kdzkl                                 1/1     Running   0          13m
kube-proxy-wl22j                                 1/1     Running   0          13m
kube-proxy-wp2gb                                 1/1     Running   0          13m
kube-scheduler-home-lab-control-plane            1/1     Running   0          13m

Kindnet logs can be checked with:

kubectl -n kube-system logs kindnet-v4djh -f

Check the kindnet configuration on the control plane node:

docker exec -it home-lab-control-plane bash
more /etc/cni/net.d/10-kindnet.conflist
{
  "cniVersion": "0.4.0",
  "name": "kindnet",
  "plugins": [
    {
      "type": "cni-kindnet",
      "ranges": [
        "192.168.0.0/24"
      ],
      "capabilities": {"portMappings": true}
    }
  ]
}

Check kindnet from inside its pod:

kubectl -n kube-system get pod | grep kindnet
kindnet-5ss45                                    1/1     Running   0          33m
kindnet-f7xw6                                    1/1     Running   0          33m
kindnet-vvp24                                    1/1     Running   0          33m
kubectl -n kube-system exec -it kindnet-5ss45 -- sh
wget -qO- http://localhost:19080/metrics
...
# TYPE process_open_fds gauge
process_open_fds 13
# HELP process_resident_memory_bytes Resident memory size in bytes.
# TYPE process_resident_memory_bytes gauge
process_resident_memory_bytes 5.9019264e+07
# HELP process_start_time_seconds Start time of the process since unix epoch in seconds.
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1.73827243737e+09
# HELP process_virtual_memory_bytes Virtual memory size in bytes.
# TYPE process_virtual_memory_bytes gauge
process_virtual_memory_bytes 1.31465216e+09
# HELP process_virtual_memory_max_bytes Maximum amount of virtual memory available in bytes.
# TYPE process_virtual_memory_max_bytes gauge
process_virtual_memory_max_bytes 1.8446744073709552e+19
# HELP promhttp_metric_handler_requests_in_flight Current number of scrapes being served.
# TYPE promhttp_metric_handler_requests_in_flight gauge
promhttp_metric_handler_requests_in_flight 1
# HELP promhttp_metric_handler_requests_total Total number of scrapes by HTTP status code.
# TYPE promhttp_metric_handler_requests_total counter
promhttp_metric_handler_requests_total{code="200"} 0
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0
wget -qO- http://localhost:19080/debug/pprof/cmdline
/bin/kindnetd--hostname-override=home-lab-control-plane--network-policy=true--admin-network-policy=false--baseline-admin-network-policy=false--masquerading=true--dns-caching=true--disable-cni=false--fastpath-threshold=20--ipsec-overlay=false--nat64=true--v=2/
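
Go's net/http/pprof cmdline handler joins the process arguments with NUL bytes, which is why the flags above appear run together. As an added example (not from the original page or the kindnet project), this splits such a response and lists which watched flags are explicitly off; it assumes the endpoint is that standard handler, and SAMPLE and WATCH are built from the output above.

```python
# Constructed sample: the arguments printed above, re-joined with the NUL
# separators that the terminal did not display.
SAMPLE = b"\x00".join([
    b"/bin/kindnetd", b"--hostname-override=home-lab-control-plane",
    b"--network-policy=true", b"--admin-network-policy=false",
    b"--baseline-admin-network-policy=false", b"--masquerading=true",
    b"--dns-caching=true", b"--disable-cni=false", b"--fastpath-threshold=20",
    b"--ipsec-overlay=false", b"--nat64=true", b"--v=2",
])

# Flags to report on; the names are taken from the output above.
WATCH = ("network-policy", "admin-network-policy",
         "baseline-admin-network-policy", "ipsec-overlay")


def parse_pprof_cmdline(raw):
    """Split a /debug/pprof/cmdline body into (binary, {flag: value})."""
    args = [a.decode("utf-8", "replace") for a in raw.split(b"\x00") if a]
    if not args:
        raise ValueError("empty cmdline body")
    flags = {}
    for arg in args[1:]:
        name, sep, value = arg.lstrip("-").partition("=")
        flags[name] = value if sep else "true"  # bare --flag: treat as set
    return args[0], flags


def explicitly_disabled(flags, watch=WATCH):
    """Watched flags that are present and set to false (absent ones are skipped)."""
    return sorted(n for n in watch if flags.get(n) == "false")


if __name__ == "__main__":
    binary, flags = parse_pprof_cmdline(SAMPLE)
    print(binary)
    for name in WATCH:
        print(f"  {name:32} {flags.get(name, 'not set')}")
    print("explicitly disabled:", explicitly_disabled(flags))
```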

The kindnet lightweight daemon binary is located at:

/bin/kindnetd

The CNI plugin binary is located at:

/opt/cni/bin/cni-kindnet

A SQLite3 database is used on workers (not the control plane), and its files are located in:

ls -la /var/lib/cni-kindnet
-rw-r--r--    1 root     root          4096 Feb  2 20:30 cni.db
-rw-r--r--    1 root     root         32768 Feb  2 20:30 cni.db-shm
-rw-r--r--    1 root     root        127752 Feb  2 20:30 cni.db-wal

The database can be inspected locally by installing SQLite and copying the files:

brew install sqlite
kubectl cp kube-system/kindnet-f42qw:/var/lib/cni-kindnet/cni.db cni.db
kubectl cp kube-system/kindnet-f42qw:/var/lib/cni-kindnet/cni.db-wal cni.db-wal
kubectl cp kube-system/kindnet-f42qw:/var/lib/cni-kindnet/cni.db-shm cni.db-shm

The content can then be inspected with:

sqlite3 cni.db
SQLite version 3.43.2 2023-10-10 13:08:14
Enter ".help" for usage hints.

sqlite> .tables
ipam_ranges      pods             portmap_entries

sqlite> select * from pods limit 1;
188788c1f427c9e0e33582a8760d64a656f42d7cc7c45291b05d47c64cbc2df6|coredns-7c65d6cfc9-ph8qk|kube-system|2ebc0bda-ccc6-4b3d-8fc4-f08e354141f2|/var/run/netns/cni-9d0d509d-8768-ca43-b05d-e1d2bad4bea2|192.168.1.153||192.168.1.0||knet88402eef|65535|2025-02-02 20:30:24

sqlite> select * from portmap_entries;

sqlite> select * from ipam_ranges;
1|192.168.1.0/24|
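
The directory listing above shows cni.db at 4096 bytes (one page at SQLite's default page size) next to a 127752-byte cni.db-wal, so most of the data is still in the write-ahead log and a copy of cni.db alone can miss it. This added example (not from the original page or the kindnet project) reproduces that with a constructed database; the sample_pods table and its columns are made up and are not kindnet's schema.

```python
import os
import shutil
import sqlite3
import tempfile


def table_names(db_path):
    """Return the tables visible when db_path is opened on its own."""
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
        return [r[0] for r in rows]
    finally:
        conn.close()


def demo():
    """Compare a copy of the main file alone with a copy that includes -wal."""
    work = tempfile.mkdtemp(prefix="wal-demo-")
    live = os.path.join(work, "live.db")

    # Constructed stand-in for a live WAL-mode database (hypothetical schema).
    writer = sqlite3.connect(live)
    writer.execute("PRAGMA journal_mode=WAL")
    writer.execute("CREATE TABLE sample_pods (name TEXT, ip TEXT)")
    writer.execute("INSERT INTO sample_pods VALUES ('demo-pod', '192.0.2.10')")
    writer.commit()  # committed, but so far written only to live.db-wal

    partial = os.path.join(work, "partial")  # main database file only
    full = os.path.join(work, "full")        # main database file plus -wal
    os.mkdir(partial)
    os.mkdir(full)
    shutil.copy(live, os.path.join(partial, "cni.db"))
    shutil.copy(live, os.path.join(full, "cni.db"))
    shutil.copy(live + "-wal", os.path.join(full, "cni.db-wal"))

    result = (table_names(os.path.join(partial, "cni.db")),
              table_names(os.path.join(full, "cni.db")))
    writer.close()
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    without_wal, with_wal = demo()
    print("cni.db only:        ", without_wal)
    print("cni.db + cni.db-wal:", with_wal)
```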