mirror of
https://github.com/kubenetworks/kubevpn.git
synced 2025-10-12 10:40:29 +08:00

* add disclaimer to short domain resolve
* updated introduction
* Added content menu for Readme
* changed picture for connect mode to draw.io
* removed wireguard from picture
35 lines
2.3 KiB
Markdown
## Architecture

### Connect mode

Create a tunnel with port-forward, add a route to a virtual interface such as tun0, and forward traffic through the tunnel to the remote traffic manager.

### Reverse mode

Based on connect mode: inject a container into the controller, then use iptables to block all inbound traffic and forward it to the local machine through the tunnel.

```text
┌──────────┐    ┌─────────┌──────────┐    ┌──────────┐
│ ServiceA ├───►│ sidecar │ ServiceB │ ┌─►│ ServiceC │
└──────────┘    └────┌────┘──────────┘ │  └──────────┘
                     │                 │
                     │                 │   cloud
 ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘─ ─ ─ ─ ─ ─ ─ ─ ─┘ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
                     │                 │   local
                 ┌───┘──────┐          │
                 │ ServiceB'├──────────┘
                 └──────────┘
```

### Mesh mode

Based on reverse mode, with Envoy as the proxy: if the request headers contain a special key-value pair, the request is routed to the local machine; if not, it goes to the original service.

```text
┌──────────┐    ┌─────────┌────────────┐     ┌──────────┐
│ ServiceA ├───►│ sidecar ├─► ServiceB │─►┌─►│ ServiceC │
└──────────┘    └────┌────┘────────────┘  │  └──────────┘
                     │                    │   cloud
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─┘─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
                     │                    │   local
                header: a=1               │
                 ┌───┘──────┐             │
                 │ ServiceB'├─────────────┘
                 └──────────┘
```
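
The header rule described for mesh mode, written out as a static Envoy v3 configuration. This is an added example, not configuration generated by KubeVPN; the listener port, cluster names and endpoint addresses are assumptions, with 198.51.100.10 standing in for the local machine's address on the tunnel.

```yaml
# Added example: header-based split between local ServiceB' and the original ServiceB.
# All names, ports and addresses below are assumptions, not KubeVPN's own values.
static_resources:
  listeners:
  - name: service_b_inbound
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: service_b
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            virtual_hosts:
            - name: service_b
              domains: ["*"]
              routes:
              # Routes are evaluated in order and the first match wins, so the
              # header rule must come before the catch-all. The match is exact:
              # any request carrying "a: 1" is sent to the local machine.
              - match:
                  prefix: "/"
                  headers:
                  - name: a
                    string_match: { exact: "1" }
                route: { cluster: service_b_local }
              # No matching header: the request stays on the original ServiceB.
              - match: { prefix: "/" }
                route: { cluster: service_b_origin }
  clusters:
  - name: service_b_local          # ServiceB' on the local machine, reached through the tunnel
    type: STATIC
    connect_timeout: 1s
    load_assignment:
      cluster_name: service_b_local
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: 198.51.100.10, port_value: 9080 } } }
  - name: service_b_origin         # the original ServiceB container in the same pod
    type: STATIC
    connect_timeout: 1s
    load_assignment:
      cluster_name: service_b_origin
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: 127.0.0.1, port_value: 9080 } } }
```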