In a significant development for Kubernetes users, a new DOKS routing agent has been introduced, designed to efficiently manage static routes on Kubernetes worker nodes. This innovative component has emerged as a response to valuable insights gathered from users about its predecessor, the static route operator, while also introducing new features. Notably, this agent is integrated into the service package at no extra cost to users.
Key Features of the DOKS Routing Agent
The DOKS routing agent offers a host of features tailored to enhance user experience and operational efficiency within Kubernetes environments. Below, we delve into the key functionalities that make this routing agent a valuable addition to Kubernetes clusters:
- Static Route Management via Custom Resources:
The DOKS routing agent empowers users to configure IP routes on their Kubernetes worker nodes through a dedicated Kubernetes CustomResource. This feature is particularly advantageous in scenarios that demand specific network configurations, such as establishing VPN connections or routing egress traffic through designated gateway nodes.
Example Configuration:
```yaml
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5" # Configures networks to be routed via specified gateways
  gateways:
    - "10.114.0.3" # Gateway IP
```
- Support for Multiple Gateways and ECMP:
The agent provides the capability to define multiple gateways, automatically establishing Equal-Cost Multi-Path (ECMP) routes to distribute traffic evenly across them. While ECMP enhances traffic distribution, it is not a comprehensive load-balancing solution. It selects a gateway based on a hash of attributes, such as source and destination IP and port. In the event of a gateway failure, the Linux kernel will halt the traffic flow to that gateway. The routing agent periodically pings gateways (every 30 seconds) to detect when they are back online and restore traffic flow. It is crucial to permit ICMP traffic on the gateways to ensure this functionality works.
Example Configuration:
```yaml
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5"
  gateways:
    - "10.114.0.3"
    - "10.114.0.4"
```
- Overriding Default Routes:
Users can override default routes without disrupting the overall cluster connectivity, addressing a highly requested feature from the community.
Example Configuration:
```yaml
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "0.0.0.0/0" # Default route
  gateways:
    - "10.114.0.3"
    - "10.114.0.4"
```
The routing agent ensures that essential components like control plane endpoints, metadata services, and DNS servers maintain direct connectivity through the worker node Droplet’s default gateway, thus preventing any disruptions within the Kubernetes cluster.
- Node Selection for Routes:
The routing agent allows routes to be applied to specific nodes using Kubernetes label selectors, providing precise control over network configurations.
Example Configuration:
```yaml
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5"
  gateways:
    - "10.114.0.3"
  nodeSelector:
    nodeSelectorTerms:
      - matchExpressions:
          - key: doks.digitalocean.com/node-pool
            operator: In
            values: ["worker-pool"]
```
Enabling the DOKS Routing Agent
To enable or disable the routing agent, users can utilize the `doctl` command-line tool and the public DigitalOcean API. This provides flexibility in managing the routing component as per the requirements.
Example Commands:
```shell
doctl kubernetes cluster create --enable-routing-agent …
doctl kubernetes cluster update --enable-routing-agent …
```
For API users, the field structure is consistent:
```json
{
  "routing_agent": { "enabled": true }
}
```
Usage for Static Egress IP
The DOKS routing agent, when used in conjunction with a self-managed VPC gateway Droplet, allows users to configure static egress IPs. This is beneficial for situations where outbound traffic from Kubernetes workloads needs to originate from a predictable IP address. Common use cases include IP allow-listing for external services or maintaining a consistent source IP for compliance purposes. Plans are underway to introduce a fully managed NAT gateway, which will simplify the process of achieving static egress IPs. This feature is expected to be available to customers later this year.
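The hash-based gateway selection described under ECMP above, applied to the static egress IP use case, as an added example (not DigitalOcean's code): a simplified Python model showing that each flow sticks to one gateway and that a remote allow-list has to hold every gateway's egress address. The hash function, the pod address, the public IPs and the premise that each gateway NATs to its own public IP are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Gateways from the page's Route example; the public IPs are constructed
# placeholders (documentation range), one per gateway Droplet.
GATEWAY_EGRESS_IP = {"10.114.0.3": "203.0.113.10", "10.114.0.4": "203.0.113.11"}


def pick_gateway(flow, gateways):
    """Choose a next hop from a hash of the flow tuple.

    Simplified model of hash-based ECMP selection; the Linux kernel uses its
    own hash, so only the behaviour (not the exact mapping) carries over.
    """
    if not gateways:
        return None  # no live gateway: the route has no usable next hop
    digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
    return gateways[int.from_bytes(digest[:4], "big") % len(gateways)]


def spread(flows, gateways):
    """Count how many flows each gateway carries."""
    return Counter(pick_gateway(f, gateways) for f in flows)


def egress_ips(flows, gateways):
    """Source IPs a remote allow-list must contain, assuming each gateway
    NATs outbound traffic to its own public IP."""
    chosen = {pick_gateway(f, gateways) for f in flows}
    return {GATEWAY_EGRESS_IP[g] for g in chosen if g is not None}


def constructed_flows(count):
    """Constructed sample: one pod reaching one service from many source ports."""
    return [("10.244.0.17", 40000 + i, "1.2.3.4", 443) for i in range(count)]


if __name__ == "__main__":
    both = list(GATEWAY_EGRESS_IP)
    flows = constructed_flows(1000)
    print("both gateways up :", dict(spread(flows, both)))
    print("allow-list needs :", sorted(egress_ips(flows, both)))
    # A flow never splits across gateways, so one large transfer loads one path.
    print("single flow      :", {pick_gateway(flows[0], both) for _ in range(5)})
    # Gateway 10.114.0.3 marked down: every flow lands on the survivor.
    print("one gateway down :", dict(spread(flows, both[1:])))
```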
Making Static Route Management Simpler Than Ever
The DOKS routing agent significantly simplifies static route management in Kubernetes. It offers custom routes, multiple gateways with ECMP for effective load distribution, and the ability to override default routes. This makes it a managed and reliable solution for DigitalOcean Kubernetes customers with custom routing needs.
With the DOKS routing agent, users can:
- Define static routes using Kubernetes Custom Resources
- Distribute traffic using multiple gateways with ECMP
- Override default routes without disrupting cluster connectivity
- Apply routes to specific nodes using label selectors
These features are particularly useful for VPN setups, custom egress routing, and self-managed VPC gateways. The introduction of the DOKS routing agent marks a significant enhancement in Kubernetes network management, offering a streamlined and efficient solution for static route configurations. For further details, see DigitalOcean’s official documentation.
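A pre-apply review check for the Route fields shown on this page, added here as an example and not part of DigitalOcean's tooling. The review rules, the `lint_route` name and the VPC range are assumptions; the manifest is passed as the dict a YAML parser would produce.

```python
import ipaddress

DEFAULT_VPC_CIDR = "10.114.0.0/20"  # assumed VPC range; substitute your own


def lint_route(manifest, vpc_cidr=DEFAULT_VPC_CIDR):
    """Return review findings for one Route manifest (parsed YAML as a dict)."""
    findings = []
    spec = manifest.get("spec") or {}
    gateways = spec.get("gateways") or []
    vpc = ipaddress.ip_network(vpc_cidr)
    overrides_default = False

    for dest in spec.get("destinations") or []:
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            findings.append(f"destination {dest!r} is not a valid CIDR")
            continue
        # Host bits set means the route covers more than the literal suggests.
        if ipaddress.ip_interface(dest).ip != net.network_address:
            findings.append(f"destination {dest} has host bits set; it covers {net}")
        overrides_default = overrides_default or net.prefixlen == 0

    for gw in gateways:
        try:
            inside = ipaddress.ip_address(gw) in vpc
        except ValueError:
            findings.append(f"gateway {gw!r} is not a valid IP address")
            continue
        if not inside:
            findings.append(f"gateway {gw} is outside VPC range {vpc}")

    if len(gateways) < 2:
        findings.append(f"{len(gateways)} gateway(s): no ECMP peer to fail over to")
    if overrides_default and not spec.get("nodeSelector"):
        findings.append("default route override has no nodeSelector")
    return findings


if __name__ == "__main__":
    # The page's default-route example, as the dict a YAML parser would return.
    route = {
        "apiVersion": "networking.doks.digitalocean.com/v1alpha1",
        "kind": "Route",
        "metadata": {"name": "basic"},
        "spec": {"destinations": ["0.0.0.0/0"], "gateways": ["10.114.0.3", "10.114.0.4"]},
    }
    for finding in lint_route(route):
        print("review:", finding)
```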
In conclusion, the DOKS routing agent is a robust addition to Kubernetes management tools, offering enhanced capabilities and addressing previous limitations. It stands as a testament to DigitalOcean’s commitment to evolving their services based on user feedback and industry trends, ensuring that users have access to tools that are not only powerful but also user-friendly.
For more information, refer to this article.