
redhat-et/patu


Patu is a lightweight networking solution for low-footprint (CPU, memory, disk) container orchestrators that manage resource-constrained compute devices, such as edge devices.

Motivation

It is an attempt to build a CNI that is driven by edge-related use cases and targeted at resource-constrained deployment environments. Please read here for more details about the challenge and the goal.

Deploying Patu

Currently Patu CNI supports Pod-to-Pod networking and a Cluster IP implementation. Pod-to-Pod networking is enabled through the Bridge CNI with eBPF-based socket redirection. Cluster IP support is provided through the Kube Proxy Next Generation (KPNG) eBPF-based backend. If you want to use the Patu CNI binary with the existing kube-proxy implementation, please refer to the instructions for your specific cluster environment in the /deploy/ directory. Node Port service and Network Policy support are currently under development and will land soon.

Kubernetes

These instructions deploy Patu CNI on a single-node Kubernetes cluster. If you are looking for detailed instructions to set up Patu CNI in a different environment (Kind, Microshift), please refer to the relevant documents in the ./deploy/ directory.

CNI Deployment

The easiest way to deploy and experiment with Patu CNI is to deploy a single-node Kubernetes cluster with --pod-network-cidr=10.200.0.0/16. Currently Patu CNI is tested with kernel version 5.15 (specifically Ubuntu 22.04), so we recommend creating an Ubuntu 22.04 VM/server as your playground.

  • Install single-node Kubernetes

    
    kubeadm init  --upload-certs --pod-network-cidr=10.200.0.0/16 --v=6 --skip-phases=addon/kube-proxy
    

    Pod state before CNI deployment:

    # kubectl get pods -A
    NAMESPACE     NAME                                     READY   STATUS    RESTARTS      AGE
    kube-system   coredns-6d4b75cb6d-dhv78                 0/1     Pending   0             4s
    kube-system   coredns-6d4b75cb6d-wfwbh                 0/1     Pending   0             4s
    kube-system   etcd-kubernetes2204                      1/1     Running   715           15s
    kube-system   kube-apiserver-kubernetes2204            1/1     Running   2 (15m ago)   15s
    kube-system   kube-controller-manager-kubernetes2204   1/1     Running   2             15s
    kube-system   kube-scheduler-kubernetes2204            1/1     Running   2             15s
    
  • Clone the patu repo.

    
    git clone https://github.com/redhat-et/patu.git
    
  • Deploy the Patu CNI

    
    cd patu
    ./deploy/kubernetes/patu-installer apply all
    

    The installer deploys the Patu manifest as well as the KPNG eBPF manifest. Pod status after CNI deployment:

    # kubectl get pods -A -o wide
    NAMESPACE     NAME                                     READY   STATUS    RESTARTS      AGE   IP                NODE             NOMINATED NODE   READINESS GATES
    kube-system   coredns-6d4b75cb6d-dhv78                 1/1     Running   0             38m   10.200.0.3        kubernetes2204              
    kube-system   coredns-6d4b75cb6d-wfwbh                 1/1     Running   0             38m   10.200.0.2        kubernetes2204              
    kube-system   etcd-kubernetes2204                      1/1     Running   715           38m   192.168.122.229   kubernetes2204              
    kube-system   kpng-sqwts                               3/3     Running   0             69s   192.168.122.229   kubernetes2204              
    kube-system   kube-apiserver-kubernetes2204            1/1     Running   2 (54m ago)   38m   192.168.122.229   kubernetes2204              
    kube-system   kube-controller-manager-kubernetes2204   1/1     Running   2             38m   192.168.122.229   kubernetes2204              
    kube-system   kube-scheduler-kubernetes2204            1/1     Running   2             38m   192.168.122.229   kubernetes2204              
    kube-system   patu-jtw85                               1/1     Running   0             70s   192.168.122.229   kubernetes2204              
    

Verification

Once you deploy Patu, the coredns pods should be in the Running state and should have IP addresses from the provided CIDR. On your Kubernetes node, install bpftool (ensure you install the version for the kernel currently running), and run the following command:

# bpftool prog list
...
...
393: cgroup_sock_addr  name sock4_connect  tag 59372233301aea77  gpl
	loaded_at 2022-08-22T19:08:10+0000  uid 0
	xlated 1000B  jited 625B  memlock 4096B  map_ids 28,29
	btf_id 102
397: sock_ops  name patu_sockops  tag a11096f06c210cab  gpl
	loaded_at 2022-08-22T19:08:11+0000  uid 0
	xlated 1248B  jited 727B  memlock 4096B  map_ids 31
	btf_id 108
401: sk_msg  name patu_skmsg  tag 6736c050a3a25de2  gpl
	loaded_at 2022-08-22T19:08:12+0000  uid 0
	xlated 952B  jited 595B  memlock 4096B  map_ids 31
	btf_id 114
405: cgroup_sock_addr  name patu_sendmsg4  tag d439a92f479811d9  gpl
	loaded_at 2022-08-22T19:08:13+0000  uid 0
	xlated 336B  jited 203B  memlock 4096B
	btf_id 120
409: cgroup_sock_addr  name patu_recvmsg4  tag 06b0a415da0c17e5  gpl
	loaded_at 2022-08-22T19:08:13+0000  uid 0
	xlated 336B  jited 203B  memlock 4096B
	btf_id 126
  ...
  ...
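
The manual check above can be scripted. This added example (not part of the Patu repository) parses plain `bpftool prog list` output and reports any of the five programs from the sample output that is missing or loaded under a different program type; the function names and the constructed samples are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Patu repository.
# Expected "type:name" pairs, copied from the bpftool output shown above.
EXPECTED="cgroup_sock_addr:sock4_connect sock_ops:patu_sockops sk_msg:patu_skmsg cgroup_sock_addr:patu_sendmsg4 cgroup_sock_addr:patu_recvmsg4"

# missing_progs: read plain `bpftool prog list` output on stdin and print
# every expected type:name pair that is not loaded, one per line.
missing_progs() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, want, " ") }
        # Program header lines: "<id>: <type>  name <name>  tag <tag> ...".
        # Unnamed programs have "tag" in field 3 and are skipped.
        $1 ~ /^[0-9]+:$/ && $3 == "name" { seen[$2 ":" $4] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# check_progs: succeed only when every expected program is present.
check_progs() {
    missing=$(missing_progs)
    if [ -n "$missing" ]; then
        # $missing is left unquoted so printf emits one line per entry.
        printf 'missing eBPF program: %s\n' $missing >&2
        return 1
    fi
    return 0
}

# Constructed sample: header lines from the output above, detail lines dropped.
sample_ok() {
    cat <<'EOF'
393: cgroup_sock_addr  name sock4_connect  tag 59372233301aea77  gpl
397: sock_ops  name patu_sockops  tag a11096f06c210cab  gpl
401: sk_msg  name patu_skmsg  tag 6736c050a3a25de2  gpl
405: cgroup_sock_addr  name patu_sendmsg4  tag d439a92f479811d9  gpl
409: cgroup_sock_addr  name patu_recvmsg4  tag 06b0a415da0c17e5  gpl
EOF
}

# Constructed failure case: the sk_msg redirect program is not loaded.
sample_broken() { sample_ok | grep -v patu_skmsg; }

sample_ok | check_progs && echo "sample_ok: all expected programs loaded"
sample_broken | check_progs || echo "sample_broken: verification failed"
```

On a node, pipe the real output into the check as root: `bpftool prog list | check_progs`.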
  

CNI Cleanup


  ./deploy/kubernetes/patu-installer delete all
  

This removes all the resources deployed through the Patu and KPNG manifests.

Workload Deployment

Note: Given that Patu CNI is targeted at a single node, you need to remove the control-plane and master taints from the node to deploy any workload.


kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-

Supported Kubernetes Platforms

  • kind - Local Kind Kubernetes clusters primarily designed for testing Kubernetes
  • Kubernetes - Single Node Kubernetes cluster
  • Microshift - OpenShift/Kubernetes optimized for the device edge

Note

This project is in the incubation stage, so there are multiple open questions on the design of various CNI features (e.g. Ingress, Network Policy), and we will address those as we progress.
