Add kindnet network plugin

cmd/kops/create_cluster.go

@@ -314,7 +314,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.Flags().StringVar(&options.EtcdStorageType, "etcd-storage-type", options.EtcdStorageType, "The default storage type for etcd members")
 	cmd.RegisterFlagCompletionFunc("etcd-storage-type", completeStorageType)
 
-	cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode.  kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, cni.")
+	cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode.  kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, kindnet, cni.")
 	cmd.RegisterFlagCompletionFunc("networking", completeNetworking(options))
 
 	cmd.Flags().StringVar(&options.DNSZone, "dns-zone", options.DNSZone, "DNS hosted zone (defaults to longest matching zone)")
@@ -983,6 +983,7 @@ func completeNetworking(options *CreateClusterOptions) func(cmd *cobra.Command,
 			"cilium",
 			"cilium-eni",
 			"cilium-etcd",
+			"kindnet",
 		}
 
 		if !options.IPv6 {

cmd/kops/integration_test.go

@@ -218,6 +218,7 @@ const (
 	canalAddon   = "networking.projectcalico.org.canal-k8s-1.25"
 	ciliumAddon  = "networking.cilium.io-k8s-1.16"
 	flannelAddon = "networking.flannel-k8s-1.25"
+	kindnetAddon = "networking.kindnet-k8s-1.32"
 
 	certManagerAddon         = "certmanager.io-k8s-1.16"
 	clusterAutoscalerAddon   = "cluster-autoscaler.addons.k8s.io-k8s-1.15"
@@ -618,6 +619,15 @@ func TestPrivateFlannel(t *testing.T) {
 		runTestTerraformAWS(t)
 }
 
+// TestPrivateKindnet runs the test on a configuration with private topology, flannel networking
+func TestPrivateKindnet(t *testing.T) {
+	newIntegrationTest("privatekindnet.example.com", "privatekindnet").
+		withPrivate().
+		withDefaultAddons30().
+		withAddons(kindnetAddon).
+		runTestTerraformAWS(t)
+}
+
 // TestPrivateCalico runs the test on a configuration with private topology, calico networking
 func TestPrivateCalico(t *testing.T) {
 	newIntegrationTest("privatecalico.example.com", "privatecalico").

docs/networking.md

@@ -23,6 +23,7 @@ As of kOps 1.26 the default network provider is Cilium. Prior to that the defaul
 | Cilium ENI       |         1.18 |   1.26 |          - |               - |
 | Flannel udp      |        1.5.2 |      - |       1.27 | Kubernetes 1.28 |
 | Flannel vxlan    |        1.8.0 |      - |       1.27 | Kubernetes 1.28 |
+| Kindnet          |         1.32 |      - |          - |               - |
 | Kopeio           |          1.5 |      - |          - |               - |
 | Kube-router      |        1.6.2 |      - |       1.27 | Kubernetes 1.28 |
 | Kubenet          |          1.5 |    1.5 |          - |               - |
@@ -69,6 +70,7 @@ Several CNI providers are currently built into kOps:
 * [Canal](networking/canal.md)
 * [Cilium](networking/cilium.md)
 * [Flannel](networking/flannel.md)
+* [Kindnet](networking/kindnet.md)
 * [Kube-router](networking/kube-router.md)
 
 kOps makes it easy for cluster operators to choose one of these options. The manifests for the providers

docs/networking/kindnet.md

@@ -0,0 +1,30 @@
+# Kindnet
+
+***Kindnet support is experimental, and may be removed at any time***
+
+## Introduction
+
+* [kindnet](http://kindnet.es)
+
+Kindnet focuses on providing essential networking functionality without unnecessary complexity.
+
+## Installing
+
+To install [kindnet](https://github.com/aojea/kindnet) - use `--networking kindnet`.
+
+```sh
+export ZONES=mylistofzone
+kops create cluster \
+  --zones $ZONES \
+  --networking kindnet \
+  --yes \
+  --name myclustername.mydns.io
+```
+
+## Getting help
+
+For problems with kindnet please post an issue to Github:
+
+- [Kindnet Issues](https://github.com/aojea/kindnet/issues)
+
+You can learn more about the different configurations options in https://kindnet.es/

k8s/crds/kops.k8s.io_clusters.yaml

@@ -5773,6 +5773,39 @@ spec:
                     description: GCPNetworkingSpec is the specification of GCP's native
                       networking mode, using IP aliases.
                     type: object
+                  kindnet:
+                    description: KindnetNetworkingSpec configures Kindnet settings.
+                    properties:
+                      adminNetworkPolicies:
+                        type: boolean
+                      baselineAdminNetworkPolicies:
+                        type: boolean
+                      dnsCaching:
+                        type: boolean
+                      fastPathThreshold:
+                        format: int32
+                        type: integer
+                      logLevel:
+                        format: int32
+                        type: integer
+                      masquerade:
+                        description: KindnetMasqueradeSpec configures Kindnet masquerading
+                          settings.
+                        properties:
+                          enabled:
+                            type: boolean
+                          nonMasqueradeCIDRs:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      nat64:
+                        type: boolean
+                      networkPolicies:
+                        type: boolean
+                      version:
+                        type: string
+                    type: object
                   kopeio:
                     description: KopeioNetworkingSpec declares that we want Kopeio
                       networking

nodeup/pkg/model/networking/kindnet.go

@@ -0,0 +1,38 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package networking
+
+import (
+	"k8s.io/kops/nodeup/pkg/model"
+	"k8s.io/kops/upup/pkg/fi"
+)
+
+// KindnetBuilder for Kindnet
+type KindnetBuilder struct {
+	*model.NodeupModelContext
+}
+
+var _ fi.NodeupModelBuilder = &KindnetBuilder{}
+
+// Build is responsible for performing setup for Kindnet.
+func (b *KindnetBuilder) Build(c *fi.NodeupModelBuilderContext) error {
+	if b.NodeupConfig.Networking.Kindnet == nil {
+		return nil
+	}
+
+	return nil
+}

pkg/apis/kops/networking.go

@@ -78,6 +78,7 @@ type NetworkingSpec struct {
 	Cilium     *CiliumNetworkingSpec     `json:"cilium,omitempty"`
 	LyftVPC    *LyftVPCNetworkingSpec    `json:"lyftvpc,omitempty"`
 	GCP        *GCPNetworkingSpec        `json:"gcp,omitempty"`
+	Kindnet    *KindnetNetworkingSpec    `json:"kindnet,omitempty"`
 }
 
 // UsesKubenet returns true if our networking is derived from kubenet
@@ -553,3 +554,29 @@ type LyftVPCNetworkingSpec struct {
 
 // GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases.
 type GCPNetworkingSpec struct{}
+
+// KindnetNetworkingSpec configures Kindnet settings.
+type KindnetNetworkingSpec struct {
+	// Version is the version of the kindnet agent.
+	// Default: v1.8.0
+	Version string `json:"version,omitempty"`
+	// Enable network policies
+	NetworkPolicies              *bool `json:"networkPolicies,omitempty"`
+	AdminNetworkPolicies         *bool `json:"adminNetworkPolicies,omitempty"`
+	BaselineAdminNetworkPolicies *bool `json:"baselineAdminNetworkPolicies,omitempty"`
+	// enable dns caching
+	DNSCaching *bool `json:"dnsCaching,omitempty"`
+	// enable nat64 on ipv6 clusters
+	NAT64 *bool `json:"nat64,omitempty"`
+	// number of packets in a connection to offload it to the fast path
+	FastPathThreshold *int32 `json:"fastPathThreshold,omitempty"`
+	// node agent masquerading rules
+	Masquerade *KindnetMasqueradeSpec `json:"masquerade,omitempty"`
+	// log level
+	LogLevel *int32 `json:"logLevel,omitempty"`
+}
+
+type KindnetMasqueradeSpec struct {
+	Enabled            *bool    `json:"enabled,omitempty"`
+	NonMasqueradeCIDRs []string `json:"nonMasqueradeCIDRs,omitempty"`
+}

pkg/apis/kops/v1alpha2/networking.go

@@ -49,12 +49,13 @@ type NetworkingSpec struct {
 	Cilium     *CiliumNetworkingSpec     `json:"cilium,omitempty"`
 	LyftVPC    *LyftVPCNetworkingSpec    `json:"lyftvpc,omitempty"`
 	GCP        *GCPNetworkingSpec        `json:"gce,omitempty"`
+	Kindnet    *KindnetNetworkingSpec    `json:"kindnet,omitempty"`
 }
 
 func (s *NetworkingSpec) IsEmpty() bool {
 	return s.Classic == nil && s.Kubenet == nil && s.External == nil && s.CNI == nil && s.Kopeio == nil &&
 		s.Weave == nil && s.Flannel == nil && s.Calico == nil && s.Canal == nil && s.KubeRouter == nil &&
-		s.Romana == nil && s.AmazonVPC == nil && s.Cilium == nil && s.LyftVPC == nil && s.GCP == nil
+		s.Romana == nil && s.AmazonVPC == nil && s.Cilium == nil && s.LyftVPC == nil && s.GCP == nil && s.Kindnet == nil
 }
 
 // ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes.
@@ -674,3 +675,22 @@ type LyftVPCNetworkingSpec struct {
 
 // GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases.
 type GCPNetworkingSpec struct{}
+
+// KindnetNetworkingSpec configures Kindnet settings.
+type KindnetNetworkingSpec struct {
+	Version                      string                 `json:"version,omitempty"`
+	NetworkPolicies              *bool                  `json:"networkPolicies,omitempty"`
+	AdminNetworkPolicies         *bool                  `json:"adminNetworkPolicies,omitempty"`
+	BaselineAdminNetworkPolicies *bool                  `json:"baselineAdminNetworkPolicies,omitempty"`
+	DNSCaching                   *bool                  `json:"dnsCaching,omitempty"`
+	NAT64                        *bool                  `json:"nat64,omitempty"`
+	FastPathThreshold            *int32                 `json:"fastPathThreshold,omitempty"`
+	Masquerade                   *KindnetMasqueradeSpec `json:"masquerade,omitempty"`
+	LogLevel                     *int32                 `json:"logLevel,omitempty"`
+}
+
+// KindnetMasqueradeSpec configures Kindnet masquerading settings.
+type KindnetMasqueradeSpec struct {
+	Enabled            *bool    `json:"enabled,omitempty"`
+	NonMasqueradeCIDRs []string `json:"nonMasqueradeCIDRs,omitempty"`
+}