mirror of
https://github.com/kubenetworks/kubevpn.git
synced 2025-10-08 08:40:30 +08:00
## Architecture
### Connect mode

Creates a tunnel with port-forward, adds a route to a virtual interface such as tun0, and forwards traffic through the
tunnel to the remote traffic manager.

### Reverse mode

Based on connect mode: injects a container into the controller and uses iptables to block all inbound traffic and
forward it to the local machine through the tunnel.

```text
┌──────────┐    ┌─────────┌──────────┐    ┌──────────┐
│ ServiceA ├───►│ sidecar │ ServiceB │ ┌─►│ ServiceC │
└──────────┘    └────┌────┘──────────┘ │  └──────────┘
                     │                 │
                     │                 │        cloud
 ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘─ ─ ─ ─ ─ ─ ─ ─ ─┘ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
                     │                 │        local
                 ┌───┘──────┐          │
                 │ ServiceB'├──────────┘
                 └──────────┘
```
### Mesh mode

Based on reverse mode, using Envoy as the proxy: if the request headers contain a specific key-value pair, traffic is
routed to the local machine; otherwise it goes to the original service.

```text
┌──────────┐    ┌─────────┌────────────┐     ┌──────────┐
│ ServiceA ├───►│ sidecar ├─► ServiceB │─►┌─►│ ServiceC │
└──────────┘    └────┌────┘────────────┘  │  └──────────┘
                     │                    │     cloud
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─┘─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
                     │                    │     local
              header: foo=bar             │
                 ┌───┘──────┐             │
                 │ ServiceB'├─────────────┘
                 └──────────┘
```
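
The mesh-mode routing decision described above, modelled as an added Go example (not KubeVPN's or Envoy's own code): a small reverse proxy stands in for the Envoy sidecar and assumes an exact match on the `foo=bar` header from the diagram. `NewMeshRouter` and `Probe` are hypothetical names, and both backends are constructed test servers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// NewMeshRouter models the mesh-mode decision: a request whose header `key` has
// the exact value `value` goes to local, everything else to origin (assumption).
func NewMeshRouter(key, value string, local, origin *url.URL) http.Handler {
	toLocal := httputil.NewSingleHostReverseProxy(local)
	toOrigin := httputil.NewSingleHostReverseProxy(origin)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, v := range r.Header.Values(key) { // header names are case-insensitive
			if v == value {
				toLocal.ServeHTTP(w, r)
				return
			}
		}
		toOrigin.ServeHTTP(w, r)
	})
}

// Probe sends one request through a router configured with the constructed
// rule foo=bar and returns the name of the backend that answered.
func Probe(header, value string) string {
	backend := func(name string) (*httptest.Server, *url.URL) {
		s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
			fmt.Fprint(w, name)
		}))
		u, _ := url.Parse(s.URL)
		return s, u
	}
	local, lu := backend("ServiceB'") // stands in for the developer's machine
	origin, ou := backend("ServiceB") // stands in for the in-cluster service
	defer local.Close()
	defer origin.Close()
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if header != "" {
		req.Header.Set(header, value)
	}
	rec := httptest.NewRecorder()
	NewMeshRouter("foo", "bar", lu, ou).ServeHTTP(rec, req)
	return rec.Body.String()
}

func main() { fmt.Println(Probe("foo", "bar"), Probe("foo", "baz"), Probe("", "")) }
```

The decision depends only on a request header, so requests with a different value or without the header stay on the original ServiceB.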