kg

kg is the Kilo agent that runs on every Kubernetes node in a Kilo mesh. It performs several key functions, including:

  • adding the node to the Kilo mesh;
  • installing CNI configuration on the node;
  • configuring the WireGuard network interface; and
  • maintaining routing table entries and iptables rules.

kg is typically installed on all nodes of a Kubernetes cluster using a DaemonSet. Example manifests can be found in the manifests directory.

Usage

The behavior of kg can be configured using the command line flags listed below.

kg is the Kilo agent.
		It runs on every node of a cluster,
		setting up the public and private keys for the VPN
		as well as the necessary rules to route packets between locations.

Usage:
  kg [flags]
  kg [command]

Available Commands:
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  version     Print the version and exit.
  webhook     webhook starts a HTTPS server to validate updates and creations of Kilo peers.

Flags:
      --backend string                 The backend for the mesh. Possible values: kubernetes (default "kubernetes")
      --clean-up-interface             Should Kilo delete its interface when it shuts down?
      --cni                            Should Kilo manage the node's CNI configuration? (default true)
      --cni-path string                Path to CNI config. (default "/etc/cni/net.d/10-kilo.conflist")
      --compatibility string           Should Kilo run in compatibility mode? Possible values: flannel
      --create-interface               Should kilo create an interface on startup? (default true)
      --encapsulate string             When should Kilo encapsulate packets within a location? Possible values: never, crosssubnet, always (default "always")
  -h, --help                           help for kg
      --hostname string                Hostname of the node on which this process is running.
      --interface string               Name of the Kilo interface to use; if it does not exist, it will be created. (default "kilo0")
      --iptables-forward-rules         Add default accept rules to the FORWARD chain in iptables. Warning: this may break firewalls with a deny all policy and is potentially insecure!
      --kubeconfig string              Path to kubeconfig.
      --listen string                  The address at which to listen for health and metrics. (default ":1107")
      --local                          Should Kilo manage routes within a location? (default true)
      --log-level string               Log level to use. Possible values: all, debug, info, warn, error, none (default "info")
      --master string                  The address of the Kubernetes API server (overrides any value in kubeconfig).
      --mesh-granularity string        The granularity of the network mesh to create. Possible values: location, full (default "location")
      --mtu uint                       The MTU of the WireGuard interface created by Kilo. (default 1420)
      --port int                       The port over which WireGuard peers should communicate. (default 51820)
      --prioritise-private-addresses   Prefer to assign a private IP address to the node's endpoint.
      --resync-period duration         How often should the Kilo controllers reconcile? (default 30s)
      --subnet string                  CIDR from which to allocate addresses for WireGuard interfaces. (default "10.4.0.0/16")
      --topology-label string          Kubernetes node label used to group nodes into logical locations. (default "topology.kubernetes.io/region")
      --version                        Print version and exit
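
Of the flags above, --iptables-forward-rules is the one whose help text carries a security warning, while --port and --listen determine what a node firewall has to admit. The script below is an added example, not code from the Kilo project: it resolves those three settings from a kg argument list using the defaults printed in the help text. It assumes pflag-style parsing (--flag value, --flag=value, bare boolean flags, last occurrence wins); the function names and the sample argument list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Kilo repository). Defaults are those in the help text.

# kg_effective ARG...: print the effective firewall-relevant settings of a kg
# argument list. Assumption: pflag-style parsing, last occurrence of a flag wins.
kg_effective() (
  forward=false port=51820 listen=":1107"
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --iptables-forward-rules) forward=true ;;
      --iptables-forward-rules=*)
        case "${1#*=}" in
          1|t|T|true|TRUE|True)    forward=true ;;
          0|f|F|false|FALSE|False) forward=false ;;
          *) echo "invalid boolean: $1" >&2; exit 2 ;;
        esac ;;
      --port=*)   port="${1#*=}" ;;
      --listen=*) listen="${1#*=}" ;;
      --port|--listen)
        # Separate-argument form: the value is the next word.
        [ "$#" -ge 2 ] || { echo "missing value for $1" >&2; exit 2; }
        if [ "$1" = --port ]; then port="$2"; else listen="$2"; fi
        shift ;;
    esac
    shift
  done
  printf 'forward_rules=%s port=%s listen=%s\n' "$forward" "$port" "$listen"
)

# kg_audit ARG...: print the effective settings; return 1 when kg would add
# default accept rules to the FORWARD chain, 2 when the arguments do not parse.
kg_audit() (
  eff=$(kg_effective "$@") || exit 2
  echo "$eff"
  case "$eff" in
    "forward_rules=true "*)
      echo "FINDING: --iptables-forward-rules is set; review any deny-all FORWARD policy" >&2
      exit 1 ;;
  esac
  exit 0
)

# Constructed argument list, as it might appear under "args:" in a DaemonSet manifest.
kg_audit --hostname=node-a --iptables-forward-rules --port=51821 || true
```

The port printed is the WireGuard port peers use to communicate, and the listen address is where health and metrics are served, so both belong in the node's firewall review alongside the FORWARD finding.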